It didn't take too long, and as long as the original author of the
metrics stuff in tika-server isn't too concerned about breaking
changes, let's hope for the best. Log4j 1.x is so far beyond its EOL,
it is embarrassing.

I think we should keep the 1.x branch open for security upgrades for a
bit...middle of next year?  I have _not_ been adding new features or
even some bug fixes to 1.x, and I encourage people to migrate to 2.x.

What do others think?

On Tue, Dec 14, 2021 at 8:05 PM Luís Filipe Nassif <lfcnas...@gmail.com> wrote:
>
> Sorry about the additional work, Tim. I thought upgrading from log4j-1.x to
> 2.x on Tika-1.x maybe could not be that hard and didn't know about breaking
> changes.
>
> Related to Eric's email, would we support Tika-1.x security updates for
> some while (that was my intent with the proposal above)? Was this already
> discussed?
>
> Best regards,
> Luis Filipe
>
>
>
> On Mon, Dec 13, 2021 at 17:23, Tim Allison <talli...@apache.org> wrote:
>
> > Yes.  That was the reasoning behind my -0.  I don't think this will
> > destroy our resources, but yes, please do migrate to 2.x asap.
> >
> >
> > On Mon, Dec 13, 2021 at 3:13 PM Eric Pugh
> > <ep...@opensourceconnections.com> wrote:
> > >
> > > Isn’t the goal of Tika 2 to mean that we no longer work on Tika 1?
> > > Does the Tika community have enough developer bandwidth to continue to
> > > maintain Tika 1 while also pushing forward on Tika 2?
> > >
> > > I worry that we’ll fall into that situation where people just end up
> > > using Tika 1 for forever, especially if there are new updates to it that
> > > are happening, which then encourages folks not to move to Tika 2.
> > >
> > >
> > >
> > >
> > > > On Dec 13, 2021, at 2:49 PM, Tim Allison <talli...@apache.org> wrote:
> > > >
> > > > Sounds like 2 +1 to my -0. :D  I'll start working on this now.
> > > >
> > > > On Mon, Dec 13, 2021 at 2:09 PM Nicholas DiPiazza
> > > > <nicholas.dipia...@gmail.com> wrote:
> > > >>
> > > >> I prefer upgrade to log4j2
> > > >>
> > > >> On Mon, Dec 13, 2021, 12:05 PM Tim Allison <talli...@apache.org> wrote:
> > > >>
> > > >>> All,
> > > >>>  I'm currently in the process of building the rc1 for Tika 2.x. On
> > > >>> TIKA-3616, Luís Filipe Nassif asked if we could upgrade log4j to
> > > >>> log4j2 in the 1.x branch.  I think we avoided that because it would be
> > > >>> a breaking change(?).  There are security vulns in log4j and it hit EOL
> > > >>> in August 2015.
> > > >>>  Should we upgrade the Tika 1.x branch for log4j2?
> > > >>>
> > > >>>          Best,
> > > >>>
> > > >>>                   Tim
> > > >>>
> > > >>>
> > > >>> [1] https://issues.apache.org/jira/browse/TIKA-3616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457595#comment-17457595
> > > >>>
> > >
> >
