GitHub user ppkarwasz added a comment to the discussion: log4j-1.2.13.jar substitution in v.2.17.1

Reload4j is a **valid temporary** replacement for Log4j 1, and I can certainly recommend it for that purpose. While it introduces some breaking changes compared to Log4j `1.2.17`, it is **99% binary compatible** with it, making it a suitable choice for immediate mitigation.

For completeness, there are other maintained forks of Log4j 1:

- Versions of Log4j 1 available in the [JBoss Enterprise Maven Repository](https://access.redhat.com/maven-repository), such as `1.2.17.redhat-00008`.
- Versions available in the [Atlassian Maven Repository](https://developer.atlassian.com/server/framework/atlassian-sdk/atlassian-maven-repositories-2818705/), like `1.2.17-atlassian-18`.

Although the release notes for these versions are not publicly available, it’s likely that they address some, if not all, of the known vulnerabilities in the official `1.2.17` release. If you're an Atlassian or Red Hat customer, it’s worth reaching out to their technical support for more information.

GitHub link: https://github.com/apache/logging-log4j2/discussions/3656#discussioncomment-13143017