Skip to content

v1.13-20211228
Compare
Choose a tag to compare
@HynekPetrak HynekPetrak released this 28 Dec 02:47
· 82 commits to main since this release
v1.13
2b30e61

Version 1.13

Do not use version 1.11 and 1.12. They may corrupt .jar archives with --fix command

  • Added additional possible "JAR" file extensions.
  • Fixed bug: --fix command could corrupt .jar archives.
  • minor fix: status for 2.12.2 as NOTOKAY
  • added --fix parameter with attempt to fix the vulnerability by renaming JndiLookup.class to JndiLookup.vulne.
    At the moment it can handle .class files on disk and within 1st level archives.
    Class cannot be renamed in archives imbedded in other archives (nested).
Assets 4
Loading