From b8013fe78d99798494563b08f0c5eddd8344575d Mon Sep 17 00:00:00 2001 From: "Yang, BongYeol (xeraph)" Date: Mon, 13 Dec 2021 04:51:42 +0900 Subject: [PATCH] Updated version to 1.2.0 with fat jar support --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 74870c2..47dcb87 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,11 @@ ![Logpresso Logo](logo.png) -log4j2-scan is single binary command-line tool for CVE-2021-44228 vulnerability scanning. +log4j2-scan is a single binary command-line tool for CVE-2021-44228 vulnerability scanning and mitigation patch. It also supports nested JAR file scanning and patch. ### Download -* [log4j2-scan 1.1.1 (Windows x64)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v1.1.1/logpresso-log4j2-scan-1.1.1-win64.7z) -* [log4j2-scan 1.1.1 (Linux x64)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v1.1.1/logpresso-log4j2-scan-1.1.1-linux.tar.gz) -* [log4j2-scan 1.1.1 (Any OS, 5KB)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v1.1.1/logpresso-log4j2-scan-1.1.1.jar) +* [log4j2-scan 1.2.0 (Windows x64)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v1.2.0/logpresso-log4j2-scan-1.2.0-win64.7z) +* [log4j2-scan 1.2.0 (Linux x64)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v1.2.0/logpresso-log4j2-scan-1.2.0-linux.tar.gz) +* [log4j2-scan 1.2.0 (Any OS, 5KB)](https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v1.2.0/logpresso-log4j2-scan-1.2.0.jar) ### How to use Just run log4j2-scan.exe or log4j2-scan with target directory path. @@ -20,7 +20,7 @@ On Linux ``` On UNIX (AIX, Solaris, and so on) ``` -java -jar logpresso-log4j2-scan-1.1.0.jar [--fix] target_path +java -jar logpresso-log4j2-scan-1.2.0.jar [--fix] target_path ``` If you add `--fix` option, this program will copy vulnerable original JAR file to .bak file, and create new JAR file without `org/apache/logging/log4j/core/lookup/JndiLookup.class` entry. In most environments, JNDI lookup feature will not be used. However, you must use this option at your own risk. It is necessary to shutdown any running JVM process before applying patch. Start affected JVM process after fix.