2.4.2 Release

• Reverted 'Detected at' time accidently dropped from csv report file. See #180

2.4.1 Release

• Fixed csv report generation bug with --report-json and --report-path. See #174.
• Alert CVE-2021-45105 fix failure.
  • Error message is Cannot fix CVE-2021-45105, Upgrade it: log4j-core-2.16.0.jar
  • Don't mark as fixed for CVE-2021-45105 report entry.

2.4.0 Release

• Added --report-json option. See #106
  • JSON Report Sample: https://github.com/logpresso/CVE-2021-44228-Scanner/wiki/JSON-Report-Sample
  • Contributed by Afrouper (Christian Kemper)
• Static linked binaries for Linux. See #170
  • Support also Alpine Linux

2.3.7 Release

• Fixed broken NFS detection and added some other file system types. e.g. fuse.sshfs. See #120
• Support --fix for read only file. See #155
  • If patch target file is readonly:
    1. Scanner removes read only attribute of file.
    2. Fix file as usual.
    3. Set read only attribute.

2.3.6 Release

• Added product and cve columns to csv report.

2.3.5 Release

• Fixed count bug for potentially vulnerables of logback and log4j1. See #118

2.3.4 Release

• Print exclude list for --all-drives and --drives mode. See #154
• Reduced ZIP open error only DEFLATED entries can have EXT descriptor. See #153
  • Avoid ZipInputStream for flat ZIP files: https://bugs.openjdk.java.net/browse/JDK-8143613

2.3.3 Release

• Added --zip-charset option. See #153
  • Without --zip-charset option, system default encoding is used if zip entry is not encoded by utf-8.

2.3.2 Release

• Fixed bug that marks log4j2-core-2.17.0 as a potential vulnerability. See #151
  • Contributed by ChKemper (Christian Kemper)

2.3.1 Release

• Added missing (mitigated) tag for log4j 1.x and logback detection. See #143