Skip to content

Releases: logpresso/CVE-2021-44228-Scanner

2.3.0 Release

18 Dec 18:26
Compare
Choose a tag to compare
  • Detect also shaded Log4j 1.x and Log4j 2.x JAR files. See #146
  • Support NAR extension. (Apache NiFi archive file).
    • Contributed by arykov

2.2.2 Release

18 Dec 14:54
Compare
Choose a tag to compare
  • Fix also Log4j1 JAR files with --scan-log4j1 and --fix options. See #143
    • JMSAppender.class, SocketServer.class, SMTPAppender.class, SMTPAppender$1.class will be removed.
    • You should make sure that your application is not using JMS or SocketServer logging facility before patch.
  • Compress JAR files if it doesn't have any nested JAR files. See #93

2.2.1 Release

18 Dec 13:22
Compare
Choose a tag to compare

2.2.0 Release

17 Dec 17:55
Compare
Choose a tag to compare

2.1.4 Release

17 Dec 16:43
Compare
Choose a tag to compare
  • Added --report-dir option.
    • Contributed by fbruch
  • Fixed hostname resolving. See #119
    • Contributed by pinacoelho
  • Added -f option to read file path list from stdin or file. See #107

2.1.3 Release

17 Dec 14:50
Compare
Choose a tag to compare
  • Skip WinRAR file without error message. See #104
  • Resolve hostname using /etc/hostname. See #119

2.1.2 Release

17 Dec 13:25
Compare
Choose a tag to compare
  • Fixed infinite junction traversal in PowerShell remoting scenario.
    • e.g. Invoke-Command -ComputerName XERAPH -ScriptBlock {&C:\log4j2-scan.exe --trace --drives C}
    • Be aware that native-image build argument is changed.

2.1.1 Release

17 Dec 10:28
23e6c6f
Compare
Choose a tag to compare
  • Redefined exit code
    • -1 failed to run
    • 0 for clean (No vulnerability)
    • 1 for found
    • 2 for some errors
    • Use --old-exit-code for legacy automation.
  • Ignore network drives for --all-drives on Windows.
  • Added --no-empty-report option.

2.1.0 Release

17 Dec 08:53
Compare
Choose a tag to compare
  • Support NFS exclusion for UNIX machinies. Also exclude Google Drive by default. See #109 , #45
    • From now on, JDK7 is the minimum supported version.
  • Support multiple scan target paths. See #107
  • Fixed infinite directory traversal caused by broken Windows junction. See #110 , #97

2.0.0 Release

17 Dec 07:02
Compare
Choose a tag to compare
  • Support Log4j 1.x CVE-2021-4104 vulnerability scanning using --scan-log4j1 option.
    • Contributed by ChKemper (Christian Kemper)