Skip to content

Commit

Permalink
GP-0 Updated WhatsNew and ChangeHistory for 10.1 release
Browse files Browse the repository at this point in the history
  • Loading branch information
ghidra1 committed Dec 10, 2021
1 parent 2413fa2 commit 2fcf0d2
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ <H1 align="center">Ghidra 10.1 Change History (December 2021)</H1>
<li><I>API</I>. Updated API methods of the DataTypeChooserDialog. (GP-1349, Issue #3140)</li>
<li><I>Basic Infrastructure</I>. Symbol performance in Ghidra was significantly improved. Specifically, new database indexes were created to improve finding primary symbols as well as improving lookups by combinations of name, namespace, and address. (GP-1082)</li>
<li><I>Basic Infrastructure</I>. Added optional columns in the Functions table for several boolean-valued function attributes. (GP-1393)</li>
<li><I>Basic Infrastructure</I>. Upgraded log4j dependency from 2.12.1 to 2.15.0 to resolve a security vulnerability. (GP-1588)</li>
<li><I>Build</I>. Extension builds can now declare jar dependencies from standard Gradle repositories such as Maven Central. (GP-1144, Issue #2219, #2226)</li>
<li><I>Build</I>. Increased minimum supported Gradle version from 6.0 to 6.4. (GP-1521, Issue #3650)</li>
<li><I>Data Types</I>. Added support for zero-element arrays and zero-length components within structures and unions. Eliminated flex-array API methods and added/improved other Structure methods to handle multiple components which share the same offset. (GP-943)</li>
Expand Down
35 changes: 35 additions & 0 deletions Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.html
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,41 @@ <H1>What's new in Ghidra 10.1</H1>

<H2>The not-so-fine print: Please Read!</H2>

<P><span style="color:#FF0000">WARNING:</span> There has been a published CVE security vulnerability noted in Ghidra dependencies within two log4j jar files.
We strongly encourage anyone using previous versions of Ghidra or a build from source, to remediate this issue by either upgrading
to the latest Ghidra 10.1 version, or patching your current version.</P>

<P>
To patch your current Ghidra installation, delete:
<BLOCKQUOTE><UL>
<li>Ghidra/Framework/Generic/lib/log4j-api-2.12.1.jar</li>
<li>Ghidra/Framework/Generic/lib/log4j-core-2.12.1.jar</li>
</UL></BLOCKQUOTE>
</P>

<P>
and replace with the newer log4j 2.15.0 version:
<BLOCKQUOTE><UL>
<li>log4j-api-2.15.0.jar</li>
<li>log4j-core-2.15.0.jar</li>
</UL></BLOCKQUOTE>
</P>

<P>
You can find these in the latest Ghidra 10.1 release, or from:
<BLOCKQUOTE><UL>
<li>https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar</li>
<li>https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0.jar</li>
</UL></BLOCKQUOTE>
</P>

<P>
The details of the vulnerability can be found here:
<BLOCKQUOTE><UL>
<li>https://nvd.nist.gov/vuln/detail/CVE-2021-44228</li>
</UL></BLOCKQUOTE>
</P>

<P>Ghidra 10.1 is fully backward compatible with project data from previous releases. However, programs and data type archives
which are created or modified in 10.1 will not be useable by an earlier Ghidra version.</P>

Expand Down

0 comments on commit 2fcf0d2

Please sign in to comment.