Skip to content

Releases: fox-it/log4j-finder

log4j-finder v1.2.0

20 Dec 09:20
944d738
Compare
Choose a tag to compare

Notable changes

  • Added Log4j 2.17.0 detection, versions lower than this is marked as VULNERABLE
  • Detect removal of JndiLookup.class, will show up as PATCHED
  • Fix bug in nested zip handling for some Python versions (could occur in Python < 3.7)
  • Hostname is now added to the output, and there is an new option -q, --quiet to suppress summary and banner.
  • It now also processes .zip files
  • You can now exclude files or directories by using the --exclude option, eg: --exclude /mnt/media/*

What's Changed

  • Add CVE-2021-45046 to the README by @lmorg in #9
  • Show patched .jar files as PATCHED (removal of JndiLookup.class) by @yunzheng in #15
  • Update README.md with instructions for creating PyInstaller executables by @yunzheng in #17
  • Add -V/--version argument to print program version by @yunzheng in #21
  • Add hostname to output and refactored parts of script by @yunzheng in #23
  • Don't use zipfile.Path to remain compatible with Python 3.6 by @yunzheng in #25
  • Added "How it works" section to README.md by @yunzheng in #28
  • Added note to install Python 3.8.10 for Windows 7 compatibility by @yunzheng in #29
  • Fixing scanning issue of jars inside war files by @dariux in #22
  • Fallback to BytesIO only when needed regarding ZipFile nested zips by @yunzheng in #33
  • Remove incorrect has_lookup=False for JndiLookup.class by @yunzheng in #36
  • Add ability to exclude files and directories by @mjsalmi in #34
  • Fix zip internal path issue on Windows by @KrisJanssen in #37
  • Revert "Remove incorrect has_lookup=False for JndiLookup.class" by @yunzheng in #39
  • Added MIT License by @yunzheng in #41
  • Added missing log4j 2.12.2 MD5 hash by @yunzheng in #42
  • Added log4j 2.17.0 hash and mark as the only good version (CVE-2021-45105) by @yunzheng in #43
  • Fixed files and directory stats by @yunzheng in #46
  • Output log4j-finder and Python version to debug and info logging by @yunzheng in #47
  • Add support for processing files with .zip extension by @yunzheng in #48
  • Don't resolve() Path objects so relative scans paths show up relative by @yunzheng in #53

New Contributors

Full Changelog: v1.0.1...v1.2.0

log4j-finder v1.0.1

15 Dec 10:18
52c6e2a
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v1.0.0...v1.0.1

log4j-finder v1.0.0

14 Dec 19:50
Compare
Choose a tag to compare

Release of log4j-finder with Pyinstaller builds for Windows and Linux. So it can easily run on systems without Python 3.

What's Changed

  • Add GitHub actions to generate pyinstaller binaries for windows and linux by @taufderl in #1

New Contributors

Full Changelog: https://github.com/fox-it/log4j-finder/commits/v1.0.0