On Mon, Apr 8, 2024 at 1:11 PM Apache <ralph.go...@dslextreme.com> wrote:
> My opinion is to drop it from 3.0.0. 2.x is going to live a long time still. > By the time it dies Log4J 1.x will have been dead well over 15 years, maybe > even 20. That would give users plenty of time to be aware that they need to > plan to upgrade. How long ago was it, that all these JNDI, and JMS related issues where found? Yes, three years. And I remember very well, how customers basically stormed my employers house, because some ancient code (which should have been updated years ago) is using these "dead" libraries. And, do you remember also, how long it took at the time, to push out 1.2.18? Wait, that was never published? Instead, we have https://github.com/qos-ch/reload4j. Please, just because you think, that you can master these things: Don't assume, that others can. Jochen -- The woman was born in a full-blown thunderstorm. She probably told it to be quiet. It probably did. (Robert Jordan, Winter's heart)
