You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by pk...@apache.org on 2023/01/03 18:47:00 UTC
[logging-log4j1] branch security created (now 1ca611a6)
This is an automated email from the ASF dual-hosted git repository.
pkarwasz pushed a change to branch security
in repository https://gitbox.apache.org/repos/asf/logging-log4j1.git
at 1ca611a6 Helps automatic detection of security policy
This branch includes the following new commits:
new 1ca611a6 Helps automatic detection of security policy
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[logging-log4j1] 01/01: Helps automatic detection of security policy
Posted by pk...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
pkarwasz pushed a commit to branch security
in repository https://gitbox.apache.org/repos/asf/logging-log4j1.git
commit 1ca611a68b71552550e1aa4db3cccbaa75929322
Author: Piotr P. Karwasz <pi...@karwasz.org>
AuthorDate: Tue Jan 3 19:46:07 2023 +0100
Helps automatic detection of security policy
---
SECURITY.md | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..aeec891a
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+Since Log4j 1.2 reached end of life in 2015 (cf.
+[announcement](http://blogs.apache.org/foundation/entry/apache_logging_services_project_announces)) **no** version of
+Log4j 1.2 is currently supported. Users are encouraged to migrate to [Apache
+Log4j2](https://logging.apache.org/log4j/2.x/manual/migration.html).
+
+## Past Vulnerabilities
+
+See [Apache Log4j 1.2 Security Vulnerabilities](https://logging.apache.org/log4j/1.2/).
+