Piotr P. Karwasz
@piotr.karwasz.org
Java & Open Source expert | Apache Software Foundation member | VP Logging Services & Ecma Relations | Father of three wonderful daughters
🚀 Great work, Tatu!
We’ve just upgraded Log4j 3 to use Jackson 3 🎉
👉 github.com/apache/loggi...
Next up: gearing up for a GA release by the end of the year.
Fun fact: Log4j 3 is one year “younger”, branched in 2018, so we are next in line for graduation.
We’ve just upgraded Log4j 3 to use Jackson 3 🎉
👉 github.com/apache/loggi...
Next up: gearing up for a GA release by the end of the year.
Fun fact: Log4j 3 is one year “younger”, branched in 2018, so we are next in line for graduation.
Upgrade Jackson from 2.x to 3.0.0-rc8 by kurtostfeld · Pull Request #3701 · apache/logging-log4j2
Upgrade Jackson from 2.x to 3.0.0-rc5
github.com
October 7, 2025 at 9:04 AM
🚀 Great work, Tatu!
We’ve just upgraded Log4j 3 to use Jackson 3 🎉
👉 github.com/apache/loggi...
Next up: gearing up for a GA release by the end of the year.
Fun fact: Log4j 3 is one year “younger”, branched in 2018, so we are next in line for graduation.
We’ve just upgraded Log4j 3 to use Jackson 3 🎉
👉 github.com/apache/loggi...
Next up: gearing up for a GA release by the end of the year.
Fun fact: Log4j 3 is one year “younger”, branched in 2018, so we are next in line for graduation.
NVD stopped working one year ago. They do not review and enrich CVE records with CPE identifiers any more. They only copy the records from the CVE database.
April 16, 2025 at 5:21 AM
NVD stopped working one year ago. They do not review and enrich CVE records with CPE identifiers any more. They only copy the records from the CVE database.
They might be right: AI will write 90% of the software, but only the remaining 10% will work.
March 15, 2025 at 10:01 PM
They might be right: AI will write 90% of the software, but only the remaining 10% will work.
How do you generate the attestations? I can not find a relevant section in your `release` workflow.
March 5, 2025 at 6:49 PM
How do you generate the attestations? I can not find a relevant section in your `release` workflow.
Is NVD still funded at all?
March 5, 2025 at 1:20 PM
Is NVD still funded at all?
The taximeter was not working either, right? I guess you just got scammed.
February 10, 2025 at 5:32 AM
The taximeter was not working either, right? I guess you just got scammed.
It is interesting to see that 49% of your responders is still experiencing security vulnerabilities from #log4j in 2024. I am really curious what does it mean. Since fixes for all known vulnerabilities are also available for Java 6 and 7, didn't they upgrade in 2021?
February 9, 2025 at 8:04 PM
It is interesting to see that 49% of your responders is still experiencing security vulnerabilities from #log4j in 2024. I am really curious what does it mean. Since fixes for all known vulnerabilities are also available for Java 6 and 7, didn't they upgrade in 2021?