OK. We will look into this but you have to understand the priority of this is lower for us than getting all the Log4j 2 issues resolved. We are still swamped.
Ralph > On Dec 14, 2021, at 8:03 AM, Vladimir Sitnikov <sitnikov.vladi...@gmail.com> > wrote: > >> How would we then be able to ever release a log4j-1.2.19 jar if we find >> another security vulnerability? > > I hope 1.2.19 won't be needed ;) > >> I believe that 1.2.17 targets Java 1.4(!) > > Java 1.8 can target 1.4 bytecode. > >> Also, I think we can consider not supporting any appenders that require >> native code > > I'm not sure what to do with native code. > It might be ok to drop the native appenders as well, as the overlap of > those who use it and > who can't upgrade and who needs a fix at the same time is probably close to > zero. > > Vladimir
