Receiving Support from the Sovereign Tech Fund

For a long time, Apache Log4j has thrived through the dedication and contributions of our community, relying mostly on unpaid volunteers. Today, we’re excited to announce a pivotal moment in our journey – the Sovereign Tech Fund (STF) has chosen to support us for the further development of specific Log4j projects.

The STF, known for its commitment to critical projects (Sovereign Tech Fund), recognizes the significance of Log4j in the global tech landscape. This support is a testament to the essential role Log4j plays in the IT infrastructure.

Focused Development and Security Enhancement

We’re honored that three of our maintainers - Christian Grobmeier, Piotr Karwasz, and Volkan Yazıcı - are being supported through this initiative. Collaborating closely with the Project Management Committee (PMC), their focus will be on enhancing security, elevating code quality, and adding new, advanced features.

We have already made significant progress: implemented a CI-based release pipeline, modernized the code base and dependencies, started publishing Software Bill of Materials (SBOM) and Vulnerability Disclosure Report (VDR) for released artifacts, and several other enhancements. This funding will also enable us to substantially improve our documentation, tests, and overall stability.

Broadening Our Horizons

This is an extraordinary opportunity for Log4j and the Logging Services team. It enables us to refine our library, making it more user-friendly and maintaining our position as a leading logging solution. Our team’s size and expertise allow us to respond swiftly to security issues. With the STF’s support, we can further enhance the security and stability that enterprises and our diverse user base have come to expect from us.

Without this funding, many of these improvements would not have been feasible. It marks a significant leap in our ability to serve the community and contribute to the open-source ecosystem.

Acknowledgments and Future Endeavors

On a personal note, we would like to extend our gratitude to the (InÖG) for their pivotal role in facilitating these developments. As they made us aware of the STF during our participation in their remarkable project “Buntes Bug Bounty” program, a commendable open source project to bolster software security (Dialog-Cybersicherheit) in Germany.

As we embark on this new chapter, we invite the global tech community to join us in celebrating this milestone. Your support and contributions have brought us here, and together, we’ll continue to strengthen the foundation of digital infrastructure for a safer, more robust technological future.