You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@logging.apache.org by pk...@apache.org on 2023/01/03 18:47:01 UTC

[logging-log4j1] 01/01: Helps automatic detection of security policy

This is an automated email from the ASF dual-hosted git repository.

pkarwasz pushed a commit to branch security
in repository https://gitbox.apache.org/repos/asf/logging-log4j1.git

commit 1ca611a68b71552550e1aa4db3cccbaa75929322
Author: Piotr P. Karwasz <pi...@karwasz.org>
AuthorDate: Tue Jan 3 19:46:07 2023 +0100

    Helps automatic detection of security policy
---
 SECURITY.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..aeec891a
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+Since Log4j 1.2 reached end of life in 2015 (cf.
+[announcement](http://blogs.apache.org/foundation/entry/apache_logging_services_project_announces)) **no** version of
+Log4j 1.2 is currently supported. Users are encouraged to migrate to [Apache
+Log4j2](https://logging.apache.org/log4j/2.x/manual/migration.html).
+
+## Past Vulnerabilities
+
+See [Apache Log4j 1.2 Security Vulnerabilities](https://logging.apache.org/log4j/1.2/).
+