Skip to content

Add versioning and support policy information#3341

Merged
ppkarwasz merged 8 commits into2.xfrom
doc/2.x/versioning
Dec 29, 2025
Merged

Add versioning and support policy information#3341
ppkarwasz merged 8 commits into2.xfrom
doc/2.x/versioning

Conversation

@ppkarwasz
Copy link
Copy Markdown
Contributor

@ppkarwasz ppkarwasz commented Dec 30, 2024

This PR adds information about the support status of various Apache Log4j releases.

Related to #1867

vy
vy requested changes Jan 2, 2025
View reviewed changes
@ppkarwasz
docs: Add versioning and support policy documentation
cfdb98b 
This PR introduces a new `versioning` page under *Support* that summarizes the support status of Apache Log4j releases and documents the long-standing project policy:

* Log4j follows semantic versioning.
* Only the latest minor of the latest major receives patch releases for bug and security fixes.
* Vulnerability reports are accepted for **all** `2.x` releases.
* Log4j `1.x` is EOL and no longer accepts vulnerability reports.

Related to #1867
Fixes #3988
@ppkarwasz
Copy link
Copy Markdown
Contributor Author

ppkarwasz commented Dec 5, 2025

Closes #3988

@vy, sorry for the force push, but this PR has been opened for so long that I totally forgot it was already submitted.

@ppkarwasz ppkarwasz requested a review from vy December 5, 2025 13:00
FreeAndNil
FreeAndNil approved these changes Dec 5, 2025
View reviewed changes
Copy link
Copy Markdown

@FreeAndNil FreeAndNil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

vy
vy requested changes Dec 8, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@vy vy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't reviewed the most recent changes yet. But in its current state, it creates yet another page that needs to be updated during a release, and we should not merge this without reflecting this on the release instructions.

Can we programmatically populate this content? Reuse some existing properties in pom.xml? (Adding yet another property to pom.xml that needs to be manually updated during a release is not a better option.)

@ppkarwasz
Copy link
Copy Markdown
Contributor Author

ppkarwasz commented Dec 8, 2025

I added more precise release instructions in apache/logging-parent#453, but lifecycle documentation can’t really be automated today. Lifecycle events (endOfDevelopment, endOfSupport, endOfLife) depend on PMC policy decisions and must be applied manually by the release manager.

ATR will simplify this in the future (see apache/tooling-trusted-releases#183), so adding project-specific automation now doesn’t seem worthwhile.

The Log4j release automation you built has saved days of work across a dozen releases and is finally paying off. Automating lifecycle information would offer far smaller benefits.

vy
vy approved these changes Dec 26, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@vy vy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tried to shorten the content (e.g., no need to list versions in the policy page) and fixed/improved some typesetting. I still think this is a maintenance burden for a feature that no user has asked for. If it happens to be forgotten during a release, I trust that @FreeAndNil and @ppkarwasz will volunteer to fix it.

@vy vy mentioned this pull request Dec 26, 2025
Closed
@ppkarwasz
Copy link
Copy Markdown
Contributor Author

ppkarwasz commented Dec 29, 2025

@vy,

Yes, I will update this page if we forget to update it during a release.

Next year I plan to integrate our release process with Apache Trusted Releases, which will allow us to automate this page too.

ppkarwasz
ppkarwasz commented Dec 29, 2025
View reviewed changes
@ppkarwasz ppkarwasz enabled auto-merge (squash) December 29, 2025 11:49
@ppkarwasz ppkarwasz merged commit 8abfdfc into 2.x Dec 29, 2025
5 checks passed
@ppkarwasz ppkarwasz deleted the doc/2.x/versioning branch December 29, 2025 12:08
@github-project-automation github-project-automation bot moved this from To triage to Done in Log4j bug tracker Dec 29, 2025
ppkarwasz added a commit that referenced this pull request Dec 29, 2025
@ppkarwasz @vy
Add versioning and support policy information (#3341)
f0055d6 
This PR introduces a new `versioning` page under *Support* that summarizes the support status of Apache Log4j releases and documents the long-standing project policy:

* Log4j follows semantic versioning.
* Only the latest minor of the latest major receives patch releases for bug and security fixes.
* Vulnerability reports are accepted for **all** `2.x` releases.
* Log4j `1.x` is EOL and no longer accepts vulnerability reports.

Related to #1867
Fixes #3988

Co-authored-by: Volkan Yazıcı <volkan@yazi.ci>
ppkarwasz added a commit that referenced this pull request Mar 25, 2026
@ppkarwasz @vy
Add versioning and support policy information (#3341)
0881bc5 
This PR introduces a new `versioning` page under *Support* that summarizes the support status of Apache Log4j releases and documents the long-standing project policy:

* Log4j follows semantic versioning.
* Only the latest minor of the latest major receives patch releases for bug and security fixes.
* Vulnerability reports are accepted for **all** `2.x` releases.
* Log4j `1.x` is EOL and no longer accepts vulnerability reports.

Related to #1867
Fixes #3988

Co-authored-by: Volkan Yazıcı <volkan@yazi.ci>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vy vy vy approved these changes

@FreeAndNil FreeAndNil FreeAndNil approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Log4j bug tracker
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ppkarwasz @vy @FreeAndNil