You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@logging.apache.org by Christian Grobmeier <gr...@apache.org> on 2022/01/05 16:29:09 UTC

[RESULT][VOTE] Future of Log4j 1.x

Hello,
this is the result of the below vote:

11x +1 (Option 1), all binding
1 x +0 (abstaing), non binding
1x -1 (objection against those options), non binding.

Details:

+1, Option 1
Dominik Psenner (binding)
Robert Middleton (binding)
Gary Gregory (binding)
Ralph Goers (binding)
Matt Sicker (binding)
Christian Grobmeier (binding)
Carter Kozak (binding)
Ron Grabowski (binding)
Volkan Yazıcı (binding)
Remko Popma (binding)
Davyd McColl (binding)

+0:
Xeno Amess (non binding)

-1:
Vladimir Sitnikov (non binding)

The PMC decided unanimous to keep Log4 1 EOL.

Since there was a lengthy discussion before and while this, the PMC Chair Ron Grabowski will send a statement which explains the thoughts behind this decision in detail.

Kind regards,
Christian



Hello, 

as discussed in another thread, this is a vote about the future of log4j 1. This vote stays open for the usual 72h.
Options are explained below.

You can vote for:

 [ ] +1, Option 1
 [ ] +1, Option 2
 [ ] +/- 0, abstain
 [ ] -1 object against those options

Option 1: Create a README.md that publishes the projects EOL status and do nothing else.
Option 2: Create a README which says the project is EOL but allow the following work for 1.2.18 AND create a full release:
    a.  Make the build work with a modern version of Maven.
    b.  Fix the Java version bug.
    c.  Fix CVE-2021-4104 (expanded to address all JNDI components)
    d.  Fix CVE-2019-17571

Regards,
Christian
--
The Apache Software Foundation
V.P., Data Privacy