GitHub user ppkarwasz added a comment to the discussion: log4j version 2.17.1
> Could you please confirm if Log4j version 2.17.1 is supported? Whether we "support" Log4j version `2.17.0` depends on how you define "support," so let’s break it down: - We **no longer** maintain the `2.17.x` minor version. Only the latest release within the `2.x` series receives updates — including security fixes. If a vulnerability is discovered, you'll need to upgrade to the latest `2.x` version or patch `2.17.x` yourself. - We do **not** accept bug reports for `2.17.x`. All issues must be reproducible in the latest available version. - We **do** accept security vulnerability reports affecting `2.17.x`, and we will publish a security advisory if needed. However, as noted above, we will not release new patches for the `2.17.x` line. - [**Community support**](https://logging.apache.org/support.html#discussions-user) remains **available** on a best-effort basis. We even occasionally answer questions about Log4j 1.x — if someone remembers how it worked! - For guaranteed support with SLAs, some companies offer [**commercial support**](https://logging.apache.org/support.html#commercial) for Log4j. GitHub link: https://github.com/apache/logging-log4j2/discussions/3679#discussioncomment-13212261 ---- This is an automatically sent email for dev@logging.apache.org. To unsubscribe, please send an email to: dev-unsubscr...@logging.apache.org
