Become a sponsor to Matt Sicker
Apache Log4j2 is a logging library and logging API facade for Java with API adapters for Scala and Kotlin. Log4j is widely used throughout the world, though the core maintainers consist of a few active volunteers, none of which are sponsored by any companies to do so.
Log4j was subject to a devastating security vulnerability in the end of 2021. This security vulnerability may have been discovered much sooner given sufficient sponsorship to perform deeper security audits of the codebase. Sponsorship would help to invest more time in security review and other maintenance tasks to keep Log4j supporting future versions of Java.
$5 a month
SelectGet a Sponsor badge on your profile
$10 a month
SelectThis value represents refactoring code, important to make Log4j more maintainable, but doesn't introduce new functionalities.
$20 a month
SelectThis value represents increasing code coverage and health, to prevent regression in future releases.
It also implies keeping our CI server blue (or green) at all time and start analyzing once builds become unstable or start to fail.
$50 a month
SelectThis value represents accepting Pull Requests. Quite often this means analyzing the issue and the fix. Most PRs don't have any tests, so it is also about guiding contributors or completing the PRs. Analyzing the security impact of changes may also be relevant.
$100 a month
SelectThis value represents maintaining and improving plugins and library modules. In most cases there's just a ticket in Jira, the rest of the work still needs to be done.
$500 a month
SelectThis value represents maintaining Log4j Core. There are only a few who dare to touch this part of Log4j. It consists of core logging functionality, the plugin system, the configuration system, and other high impact areas of Log4j. Preserving levels of sufficient backward compatibility can introduce challenges.