Skip to content

log4j-finder v1.2.0

Latest
Latest
Compare
Choose a tag to compare
@yunzheng yunzheng released this 20 Dec 09:20
· 8 commits to main since this release
v1.2.0
944d738
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Notable changes

  • Added Log4j 2.17.0 detection, versions lower than this is marked as VULNERABLE
  • Detect removal of JndiLookup.class, will show up as PATCHED
  • Fix bug in nested zip handling for some Python versions (could occur in Python < 3.7)
  • Hostname is now added to the output, and there is an new option -q, --quiet to suppress summary and banner.
  • It now also processes .zip files
  • You can now exclude files or directories by using the --exclude option, eg: --exclude /mnt/media/*

What's Changed

  • Add CVE-2021-45046 to the README by @lmorg in #9
  • Show patched .jar files as PATCHED (removal of JndiLookup.class) by @yunzheng in #15
  • Update README.md with instructions for creating PyInstaller executables by @yunzheng in #17
  • Add -V/--version argument to print program version by @yunzheng in #21
  • Add hostname to output and refactored parts of script by @yunzheng in #23
  • Don't use zipfile.Path to remain compatible with Python 3.6 by @yunzheng in #25
  • Added "How it works" section to README.md by @yunzheng in #28
  • Added note to install Python 3.8.10 for Windows 7 compatibility by @yunzheng in #29
  • Fixing scanning issue of jars inside war files by @dariux in #22
  • Fallback to BytesIO only when needed regarding ZipFile nested zips by @yunzheng in #33
  • Remove incorrect has_lookup=False for JndiLookup.class by @yunzheng in #36
  • Add ability to exclude files and directories by @mjsalmi in #34
  • Fix zip internal path issue on Windows by @KrisJanssen in #37
  • Revert "Remove incorrect has_lookup=False for JndiLookup.class" by @yunzheng in #39
  • Added MIT License by @yunzheng in #41
  • Added missing log4j 2.12.2 MD5 hash by @yunzheng in #42
  • Added log4j 2.17.0 hash and mark as the only good version (CVE-2021-45105) by @yunzheng in #43
  • Fixed files and directory stats by @yunzheng in #46
  • Output log4j-finder and Python version to debug and info logging by @yunzheng in #47
  • Add support for processing files with .zip extension by @yunzheng in #48
  • Don't resolve() Path objects so relative scans paths show up relative by @yunzheng in #53

New Contributors

Full Changelog: v1.0.1...v1.2.0

Contributors

yunzheng, dariux, and 3 other contributors
Assets 8
Loading
0 Join discussion