Hi I don’t think you need the incubator there. You can propose to log4j pmc to move forward on log4j 1.x. Anyone can propose new releases on any branches (including old ones). If you need my support/help on this, please let me know.
Just my €0.01 ;) Regards JB > Le 20 déc. 2021 à 08:27, Vladimir Sitnikov <sitnikov.vladi...@gmail.com> a > écrit : > > Hi, > > I want to resurrect log4j 1.x to fix well-known security issues. > I'm looking for the champion and committers. > > log4j 1.x is a wildly used logging library, so releasing a secured version > would silence CVE warnings > all over the world, and it would enable users to focus on more relevant > tasks than "upgrading from log4j1 to log4j2". > > I do not expect active log4j1 development, however, I would strongly focus > on fixing the security issues. > > Unfortunately, there are lots of applications that can't easily upgrade to > log4j2, and they are exposed to security issues. > I did try my best cooperating with the current logging PMC, and it looks > like they > are not interested in fixing 1.x (see [1], [2], [3], [4]) > > I'm a member of PMC on Apache JMeter and Apache Calcite projects, so > I am familiar with the way Apache projects are governed. > > [1]: https://lists.apache.org/thread/mlpb9v15r8qzpc58xnjn99r6tf9yy0p5 > [2]: https://lists.apache.org/thread/hq2m11f1w9yp031r5f65b9h4ym2zy1kc > [3]: https://lists.apache.org/thread/tw172svxt1q6wds7lt9szyjw2sxjf34n > [4]: https://lists.apache.org/thread/y89v84okzs76g2yl760vx5yc0w1y4yd8 > > Vladimir --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
