I know Vladimir but let's do things in order, if we move in all ways it
will fail.
Incubating log4j1 will fail as I epxlained - not even sure incubator would
let it be incubated since project is official dead for everybody and can
only get security fixes (incubator is to ensure you can build a
>I would propose to talk with logging PMC first
I did exactly that, and they did not listen. They have no will to keep
releasing 1.x versions.
At the same time, they do not allow others to release log4j:log4j:1.x
versions.
I'm waiting for the response by Logging PMC chair Ron once again:
Romain,
Romain>for now the thread is looking for options which are not needed from
my window
It was the Logging PMC team who suggested I should re-incubate log4j 1.x.
Romain>1. where is the patch needed to fix the desired CVE? - must be
compatible
with current SVN trunk
The current SVN trunk
Agree with Romain. Let’s just take concrete actions: I would propose to talk
with logging PMC first (they can provide their preferences).
It’s really amazing how we can create endless thread for simple/concrete topics
;)
Regards
JB
> Le 22 déc. 2021 à 08:17, Romain Manni-Bucau a écrit :
>
ok, so let's try to not create an endless thread:
1. where is the patch needed to fix the desired CVE? - must be compatible
with current svn trunk
2. please attach it to a ticket (or multiple if there are multiple fixes)
like LOG4J2-3219
3. if it does not get applied and PMC is opposed to get it
Matt>Nobody in the Logging PMC is blocking a release here.
Matt, thanks for the reply, however, it is false :(
I see you are positive, however, many more replies were quite negative.
Ralph Goers says: "We’ve stated several times that we don’t think
resurrecting Log4j 1.x permanently is a good
Sent from my iPhone
> On Dec 21, 2021, at 5:13 AM, Romain Manni-Bucau wrote:
>
> Le mar. 21 déc. 2021 à 12:33, Enrico Olivelli a
> écrit :
>
>> Vladimir,
>> I totally support this proposal.
>>
>> Which are actually the steps we need to cut a release of log4j 1.x ?
>> - establish an
Sent from my iPhone
> On Dec 21, 2021, at 3:33 AM, Enrico Olivelli wrote:
>
> Vladimir,
> I totally support this proposal.
>
> Which are actually the steps we need to cut a release of log4j 1.x ?
> - establish an Apache project ?
> - do the fix
> - cut a release
>
> Can this be done
Hi,
Have you discussed the approach you outlined with the logging PMC? It seems to
me the idea of a drop in jar that allows log4j 1 over log4j 2 is an ideal
product for that PMC to support.
All the best,
Dave
Sent from my iPhone
> On Dec 21, 2021, at 8:22 PM, 张铎 wrote:
>
> I'm the one
I'm the one who migrated HBase from log4j to log4j2, and still tries to
migrate hadoop but still can not find a suitable upgrading path...
For me, I do not prefer we release a new log4j 1.x, it has been EOL for
many years, we should encourage people to upgrade to a newer logging
framework. FWIW,
> as for the v1 :: COBOL analogy, that’s not a bad comparison. Basically,
users who haven’t bothered to upgrade in 10 years will have to end up
paying astronomical costs for consultants who can still work on ancient
software effectively to help modify their systems.
I have to take some exception
Nobody in the Logging PMC is blocking a release here. What we don’t want is to
falsely advertise that v1 is still under development. We already have a huge
increase in mailing list, PR, and other traffic ever since Log4Shell, and if we
resurrect v1, then it’ll quickly become impossible to keep
Le mar. 21 déc. 2021 à 12:33, Enrico Olivelli a
écrit :
> Vladimir,
> I totally support this proposal.
>
> Which are actually the steps we need to cut a release of log4j 1.x ?
> - establish an Apache project ?
>
1. Send a patch to apply on
http://svn.apache.org/repos/asf/logging/log4j/trunk
>
Vladimir,
I totally support this proposal.
Which are actually the steps we need to cut a release of log4j 1.x ?
- establish an Apache project ?
- do the fix
- cut a release
Can this be done inside another Apache Project who "adopts" the log4j
sources if the Logging Project doesn't want to do it
14 matches
Mail list logo
