Skip to content

Add versioning and support policy information #3341

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ppkarwasz merged 8 commits into from
Dec 29, 2025
Merged

Add versioning and support policy information #3341

ppkarwasz merged 8 commits into from
Dec 29, 2025
+442 −7

Conversation

@ppkarwasz
Copy link
Contributor

@ppkarwasz ppkarwasz commented Dec 30, 2024

This PR adds information about the support status of various Apache Log4j releases.

Related to #1867

vy
vy requested changes Jan 2, 2025
View reviewed changes
@ppkarwasz
docs: Add versioning and support policy documentation
cfdb98b 
This PR introduces a new `versioning` page under *Support* that summarizes the support status of Apache Log4j releases and documents the long-standing project policy:

* Log4j follows semantic versioning.
* Only the latest minor of the latest major receives patch releases for bug and security fixes.
* Vulnerability reports are accepted for **all** `2.x` releases.
* Log4j `1.x` is EOL and no longer accepts vulnerability reports.

Related to #1867
Fixes #3988
@ppkarwasz
Copy link
Contributor Author

ppkarwasz commented Dec 5, 2025

Closes #3988

@vy, sorry for the force push, but this PR has been opened for so long that I totally forgot it was already submitted.

@ppkarwasz ppkarwasz requested a review from vy December 5, 2025 13:00
FreeAndNil
FreeAndNil approved these changes Dec 5, 2025
View reviewed changes
Copy link

@FreeAndNil FreeAndNil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

vy
vy requested changes Dec 8, 2025
View reviewed changes
Copy link
Member

@vy vy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't reviewed the most recent changes yet. But in its current state, it creates yet another page that needs to be updated during a release, and we should not merge this without reflecting this on the release instructions.

Can we programmatically populate this content? Reuse some existing properties in pom.xml? (Adding yet another property to pom.xml that needs to be manually updated during a release is not a better option.)

@ppkarwasz
Copy link
Contributor Author

ppkarwasz commented Dec 8, 2025

I added more precise release instructions in apache/logging-parent#453, but lifecycle documentation can’t really be automated today. Lifecycle events (endOfDevelopment, endOfSupport, endOfLife) depend on PMC policy decisions and must be applied manually by the release manager.

ATR will simplify this in the future (see apache/tooling-trusted-releases#183), so adding project-specific automation now doesn’t seem worthwhile.

The Log4j release automation you built has saved days of work across a dozen releases and is finally paying off. Automating lifecycle information would offer far smaller benefits.

vy
vy approved these changes Dec 26, 2025
View reviewed changes
Copy link
Member

@vy vy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tried to shorten the content (e.g., no need to list versions in the policy page) and fixed/improved some typesetting. I still think this is a maintenance burden for a feature that no user has asked for. If it happens to be forgotten during a release, I trust that @FreeAndNil and @ppkarwasz will volunteer to fix it.

@vy vy mentioned this pull request Dec 26, 2025
Closed
@ppkarwasz
Copy link
Contributor Author

ppkarwasz commented Dec 29, 2025

@vy,

Yes, I will update this page if we forget to update it during a release.

Next year I plan to integrate our release process with Apache Trusted Releases, which will allow us to automate this page too.

ppkarwasz
ppkarwasz commented Dec 29, 2025
View reviewed changes
@ppkarwasz ppkarwasz enabled auto-merge (squash) December 29, 2025 11:49
@ppkarwasz ppkarwasz merged commit 8abfdfc into 2.x Dec 29, 2025
5 checks passed
@ppkarwasz ppkarwasz deleted the doc/2.x/versioning branch December 29, 2025 12:08
@github-project-automation github-project-automation bot moved this from To triage to Done in Log4j bug tracker Dec 29, 2025
ppkarwasz added a commit that referenced this pull request Dec 29, 2025
@ppkarwasz @vy
Add versioning and support policy information (#3341)
f0055d6 
This PR introduces a new `versioning` page under *Support* that summarizes the support status of Apache Log4j releases and documents the long-standing project policy:

* Log4j follows semantic versioning.
* Only the latest minor of the latest major receives patch releases for bug and security fixes.
* Vulnerability reports are accepted for **all** `2.x` releases.
* Log4j `1.x` is EOL and no longer accepts vulnerability reports.

Related to #1867
Fixes #3988

Co-authored-by: Volkan Yazıcı <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vy vy vy approved these changes

@FreeAndNil FreeAndNil FreeAndNil approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Log4j bug tracker
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ppkarwasz @vy @FreeAndNil