Hi,

I want to resurrect log4j 1.x to fix well-known security issues.
I'm looking for the champion and committers.

log4j 1.x is a widely used logging library, so releasing a secured version
would silence CVE warnings all over the world, and it would enable users to
focus on more relevant tasks than "upgrading from log4j1 to log4j2".

I do not expect active log4j1 development; however, I would strongly focus
on fixing the security issues.

Unfortunately, there are lots of applications that can't easily upgrade to
log4j2, and they are exposed to security issues.
I did try my best cooperating with the current logging PMC, and it looks
like they are not interested in fixing 1.x (see [1], [2], [3], [4]).

I'm a member of PMC on Apache JMeter and Apache Calcite projects, so
I am familiar with the way Apache projects are governed.

[1]: https://lists.apache.org/thread/mlpb9v15r8qzpc58xnjn99r6tf9yy0p5
[2]: https://lists.apache.org/thread/hq2m11f1w9yp031r5f65b9h4ym2zy1kc
[3]: https://lists.apache.org/thread/tw172svxt1q6wds7lt9szyjw2sxjf34n
[4]: https://lists.apache.org/thread/y89v84okzs76g2yl760vx5yc0w1y4yd8

Vladimir
