Releases: logpresso/CVE-2021-44228-Scanner
1.2.5 Release
Fixed broken directory traversal on Windows (caused by symbolic link skipping). See #23 (comment)
1.2.4 Release
- Skip /proc and /sys directories. See #25
- Fixed infinite loop caused by a symbolic link. See #25
- Fixed backup failure in the symbolic link scenario. See #23
- Fixed version uses copy instead of rename to keep the inode number.
- Fixed version truncates the original file to 0 and rewrites the JAR file using the backup file.
1.2.3 Release
- Added --force-fix option for automation. See #14
- Print an error message if the patch fails. See #13
- Also support Java EE .ear files. See #10
1.2.2 Release
- Added --trace option for diagnosis. See #9
- Added WAR support. See #10
1.2.1 Release
Fixed vulnerability summary report. See #8
1.2.0 Release
- Support nested jar detection and mitigation patch (spring fat jar). See #3
- Fixed OOB caused by major.minor version format (e.g. 2.0). See #4
- Fixed exception handling of user input. See #5
1.1.1 Release
Fixed vulnerable version check. See #1
1.1.0 Release
Added --fix option to apply the mitigation patch immediately. Use it at your own risk.
1.0.1 Release
Added mitigation check.
- Check if org/apache/logging/log4j/core/lookup/JndiLookup.class is removed.
- Added (mitigated) tag to message.
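The mitigation check from 1.0.1 combined with the nested JAR handling from 1.2.0, as an added example that is not the scanner's own code. It assumes log4j-core is recognised by its Maven `pom.properties` entry; the function names, the depth limit and the sample archive are constructed for illustration.

```python
import io
import zipfile

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption of this example: log4j-core is recognised by its Maven metadata entry.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear")
MAX_DEPTH = 8  # assumption: bound nesting so a crafted archive cannot recurse without limit

def scan_archive(data, label, depth=0):
    """Return [(path, version, mitigated)] for every log4j-core inside the archive bytes."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive: nothing to report
    with zf:
        names = zf.namelist()
        if POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace").splitlines()
            version = next((l.split("=", 1)[1].strip() for l in props
                            if l.startswith("version=")), "unknown")
            # Mitigated means JndiLookup.class has been removed from this archive.
            findings.append((label, version, JNDI_LOOKUP not in names))
        if depth < MAX_DEPTH:
            for name in names:
                if name.lower().endswith(ARCHIVE_EXTS):
                    findings += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)
    return findings

def build_jar(entries):
    """Build an in-memory archive from {entry name: bytes} (used for the sample only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    # Constructed sample: a fat JAR holding one untouched and one mitigated log4j-core.
    props = b"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion=2.14.1\n"
    untouched = build_jar({POM_PROPS: props, JNDI_LOOKUP: b"\xca\xfe\xba\xbe"})
    mitigated = build_jar({POM_PROPS: props})
    fat = build_jar({"BOOT-INF/lib/a.jar": untouched, "BOOT-INF/lib/b.jar": mitigated})
    return scan_archive(fat, "app.jar")

if __name__ == "__main__":
    for path, version, is_mitigated in demo():
        print(path, version, "(mitigated)" if is_mitigated else "")
```
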