Releases: logpresso/CVE-2021-44228-Scanner
Releases · logpresso/CVE-2021-44228-Scanner
2.3.0 Release
- Detect also shaded Log4j 1.x and Log4j 2.x JAR files. See #146
- Support NAR extension. (Apache NiFi archive file).
- Contributed by arykov
2.2.2 Release
- Fix also Log4j1 JAR files with
--scan-log4j1
and--fix
options. See #143- JMSAppender.class, SocketServer.class, SMTPAppender.class, SMTPAppender$1.class will be removed.
- You should make sure that your application is not using JMS or SocketServer logging facility before patch.
- Compress JAR files if it doesn't have any nested JAR files. See #93
2.2.1 Release
- Added CVE-2021-45105 (log4j 2.16.0) detection. See #142
- Enhanced WinRAR magic detection. See #104
2.2.0 Release
- Added
--scan-logback
option to detect CVE-2021-42550 vulnerability.
2.1.4 Release
2.1.3 Release
2.1.2 Release
- Fixed infinite junction traversal in PowerShell remoting scenario.
- e.g.
Invoke-Command -ComputerName XERAPH -ScriptBlock {&C:\log4j2-scan.exe --trace --drives C}
- Be aware that native-image build argument is changed.
- e.g.
2.1.1 Release
- Redefined exit code
- -1 failed to run
- 0 for clean (No vulnerability)
- 1 for found
- 2 for some errors
- Use
--old-exit-code
for legacy automation.
- Ignore network drives for
--all-drives
on Windows. - Added
--no-empty-report
option.
2.1.0 Release
2.0.0 Release
- Support Log4j 1.x CVE-2021-4104 vulnerability scanning using
--scan-log4j1
option.- Contributed by ChKemper (Christian Kemper)