Dominik> There are fixes for the flaws of log4j1 available: migrate to log4j2
How does migration help me if I want to get 1.x fixed? log4j2 is a different product, created by a different team. Why should I migrate to log4j2 at all? Dominik>Is there a concrete need for log4j1 to be patched 1. I request to get log4j 1.x patched. I can't show my code as it is under NDA, so you have to trust me here. 2. Enrico Olivelli: https://lists.apache.org/thread/llgp7b9v1t081o3215o7xq4zpct1x0b4 3. 张铎(Duo Zhang): https://lists.apache.org/thread/j8dzoymo5z26sl08o3mvdf0353shcl2m 4. Andrew Purtell: https://lists.apache.org/thread/kv71f8vrqrhn6tlotqg76gz6khjs11vh and so on. Do you know migration to 2.x is not a drop-in replacement? It might require code or non-trivial configuration changes? For instance, if the application extends 1.x appenders, implements non-trivial re-configuration logic, then it can't upgrade to 2.x in a matter of days or weeks. Vladimir