Releases: logpresso/CVE-2021-44228-Scanner

v1.7.0

16 Dec 16:55
  • Exclude nfs, tmpfs, devtmpfs, iso9660 partitions by default. See #79
  • Added --exclude-fs option. See #45
  • Fixed tagged version parsing bug (e.g. 2.0-alpha1). See #94
  • Ignore empty lines in --exclude-config file. See #100
  • Added detection timestamp to CSV report file. See #62
  • Don't create empty CSV report file. See #62
  • Error message for no permission. See #86
  • --report-path enables --report-csv by default.
    • Contributed by Daywalker01

1.6.3 Release

16 Dec 00:39

Treat Log4j 2.12.2 as non-vulnerable for JDK7 environment. See #83

1.6.2 Release

15 Dec 17:33

Added Hostname column to CSV report. See #62

1.6.1 Release

15 Dec 16:54
  • Fixed NullPointerException bug. See #77

1.6.0 Release

15 Dec 16:23
  • Fixed patch failure caused by duplicated entry. See #71, #35
  • Test file lock status before backup. See #68
    • Backup file cleaning is no longer required in case of fix failure.
  • Add CSV reporting feature. See #62
    • --report-csv will generate log4j2_scan_report_yyyyMMdd_HHmmss.csv in working directory
    • If you want to specify report output path, use --report-path option.
  • Added --exclude-pattern feature.
    • Contributed by Daywalker01.
  • Also recognize C: as a scan target path. See #66

1.5.0 Release

15 Dec 09:56
  • Support deep nested JAR files. See #35
  • Support .RAR files. See #59
  • Fixed patch logic for Spring Boot applications. See #61, #63
    • Error example: Unable to open nested entry 'BOOT-INF/lib/spring-boot-2.6.1.jar'. It has been compressed and nested jar files must be stored without compression. Please check the mechanism used to create your executable jar file
  • Added exit code. See #58
  • Added --silent option. See #64

1.4.0 Release

15 Dec 04:18
  • Added print for starting point of the scan. See #54
  • Added scan status reporting every 10 seconds. See #52
  • Fixed symlink patch procedure. The linked file is now patched if a symlink is detected as vulnerable. See #47
  • Fixed CVE code for log4j 2.15.0 detection. See #50
  • Also report potentially vulnerable files.
    • Potentially vulnerable status means the version cannot be identified and the file contains JndiLookup.class
    • Contributed by ChKemper (Christian Kemper)
  • Added --scan-zip option for scanning .zip files.
  • Added --debug option for debugging. It prints exception stack traces.

1.3.2 Release

14 Dec 19:22

1.3.1 Release

14 Dec 17:38

Skip symlink patch. See #47

1.3.0 Release

14 Dec 16:06
  • Added --exclude option and --exclude-config option. See #26
  • Added --all-drives option and --drives c,d option. See #30
  • Changed broken zip open error messages. See #42