Releases: fox-it/log4j-finder
Releases · fox-it/log4j-finder
log4j-finder v1.2.0
Notable changes
- Added Log4j 2.17.0 detection, versions lower than this is marked as
VULNERABLE
- Detect removal of
JndiLookup.class
, will show up asPATCHED
- Fix bug in nested zip handling for some Python versions (could occur in Python < 3.7)
- Hostname is now added to the output, and there is an new option
-q
,--quiet
to suppress summary and banner. - It now also processes
.zip
files - You can now exclude files or directories by using the
--exclude
option, eg:--exclude /mnt/media/*
What's Changed
- Add
CVE-2021-45046
to the README by @lmorg in #9 - Show patched .jar files as PATCHED (removal of JndiLookup.class) by @yunzheng in #15
- Update README.md with instructions for creating PyInstaller executables by @yunzheng in #17
- Add -V/--version argument to print program version by @yunzheng in #21
- Add hostname to output and refactored parts of script by @yunzheng in #23
- Don't use zipfile.Path to remain compatible with Python 3.6 by @yunzheng in #25
- Added "How it works" section to README.md by @yunzheng in #28
- Added note to install Python 3.8.10 for Windows 7 compatibility by @yunzheng in #29
- Fixing scanning issue of jars inside war files by @dariux in #22
- Fallback to BytesIO only when needed regarding ZipFile nested zips by @yunzheng in #33
- Remove incorrect has_lookup=False for JndiLookup.class by @yunzheng in #36
- Add ability to exclude files and directories by @mjsalmi in #34
- Fix zip internal path issue on Windows by @KrisJanssen in #37
- Revert "Remove incorrect has_lookup=False for JndiLookup.class" by @yunzheng in #39
- Added MIT License by @yunzheng in #41
- Added missing log4j 2.12.2 MD5 hash by @yunzheng in #42
- Added log4j 2.17.0 hash and mark as the only good version (CVE-2021-45105) by @yunzheng in #43
- Fixed files and directory stats by @yunzheng in #46
- Output log4j-finder and Python version to debug and info logging by @yunzheng in #47
- Add support for processing files with .zip extension by @yunzheng in #48
- Don't resolve() Path objects so relative scans paths show up relative by @yunzheng in #53
New Contributors
- @lmorg made their first contribution in #9
- @dariux made their first contribution in #22
- @mjsalmi made their first contribution in #34
- @KrisJanssen made their first contribution in #37
Full Changelog: v1.0.1...v1.2.0
log4j-finder v1.0.1
What's Changed
- Add colorama to pyinstaller builds for better color support on Windows by @yunzheng in #5
- Mark Log4j 2.15.0 as known vulnerable (CVE-2021-45046) by @yunzheng in #6
- Output scanning stats and version information by @yunzheng in #7
New Contributors
Full Changelog: v1.0.0...v1.0.1
log4j-finder v1.0.0
Release of log4j-finder with Pyinstaller builds for Windows and Linux. So it can easily run on systems without Python 3.
What's Changed
New Contributors
Full Changelog: https://github.com/fox-it/log4j-finder/commits/v1.0.0