Skip to content

Releases: lunasec-io/lunasec

v1.0.0-lunatrace

05 Apr 05:46
Compare
Choose a tag to compare

Initial release

The LunaTrace CLI can collect SBOMs of files, directories, containers, and remote repositories. Once collected, the SBOM can be reported to LunaTrace for automated scanning for vulnerabilities.

v1.6.1-log4shell

05 Mar 01:10
Compare
Choose a tag to compare
  • Publish linux ppc64le

v1.6.0-log4shell

11 Jan 09:15
Compare
Choose a tag to compare

This release adds the log4shell cloud-scan command. This command will automatically notify you about future vulnerabilities in your code by uploading a list of dependencies used by your project.

We're planning to build more functionality like an Open Source Web dashboard, and that will be released under the name "LunaTrace" soon. If you're interested in chatting with us about that, please send us a message. Feedback is incredibly helpful for us as we build this tooling!

v1.5.2-log4shell

05 Jan 16:48
Compare
Choose a tag to compare

Changelog

29f889c Adding blog post talking about new CVEs and security team response (#390)
57d3525 Blog post - Working backwards from log4shell to see why we built lunasec (#388)
8be8d65 Fix analytics by inserted into every HTML file
f2ce957 Fixes #368 - jars larger than a gig are extracted to disk when scanning (#400)
d222fe1 Merge pull request #397 from lunasec-io/update-hype-title
973a6c4 Merge pull request #398 from lunasec-io/fix-analytics
32a4cec Merge pull request #399 from lunasec-io/fix-typos-jan
94e75ac Update Hype train post title
3b1e39d bump version (#401)
432e4b3 fix typos

v1.5.1-log4shell

31 Dec 18:16
Compare
Choose a tag to compare

Changelog

0989db4 Dana incoming edits (#389)
0cbe2e6 Dana incoming edits two (#391)
fee19ab Dana incoming edits two (#392)
2f14ea9 Log4shell scan improvements (#393)
7ed6ad7 Update log4shell readme (#394)
683bbad ignore all webpack generated stuff...weirdness
a154837 version bump (#395)

v1.5.0-log4shell

27 Dec 08:27
Compare
Choose a tag to compare

Changelog

451e1c4 Add ear file extension to Scan function
ac30e3d Edit of first blog post (#381)
5bd43d1 Merge branch 'master' into add-jar-patcher
74e545a Merge pull request #308 from lunasec-io/add-jar-patcher
569b46c Merge pull request #378 from lunasec-io/fix-file-not-closed
9891b13 Merge pull request #380 from NorthwaveCERT/patch-1
eda04aa Merge pull request #386 from lunasec-io/log4shell-blog-cli-command-update
74bb3cd Severity 9.8 for log4j v1 vulns
02a9e73 Some scaffolding for a JAR patcher
6a3eb6c Speed up ci (#383)
bec65fd Swap from Severity to CVE
99aee5c Update vulnerablehashes.go
dd697d3 Update vulnerablehashes.go
24b9eaf added 2.15 hashes and confirmed they work
7e8c146 begin to support nested zips when patching
4fd334e duplicate flags onto scan command because its more natural UX
50f3d2a first draft of adding severity rating to vulns
7d30321 generating hashes for the JndiLookup.class file to patch out
56c6375 include jndilookup.class file when analyzing so that it can be removed when patching
fbab2cf jar patcher is able to remove JndiLookup.class file from jars
449f700 nested patching works now
6e99190 patcher works on non-nested zips, but is truncating nested zips for some reason
258281c testing the jar patcher by loading findings file and then looking at discovered files
bcf95cc update info about cli
e867b7b update wording in blog to be more clear that the cli is not an archive

v1.4.2-log4shell

21 Dec 02:43
Compare
Choose a tag to compare

Changelog

423c567 Merge pull request #366 from tlehman/patch-1
d6a8fa4 Merge pull request #367 from lunasec-io/update-guidance-to-include-2.17.0
62dc0e9 Merge pull request #375 from lunasec-io/osx-log4shell
7a160ba Merge pull request #376 from lunasec-io/fix-malicious-links
a414f0a Update 2021-12-12-log4j-zero-day-mitigation-guide.mdx
472e23e Update 2021-12-12-log4j-zero-day-mitigation-guide.mdx
b02cd4f Update guidance across all posts
15c5823 Update the malicious links to be our domain everywhere
a33566d WIP OSS patching blog post (#348)
780dd9f better osx instructions
71adc6a close read which is left open
90f1858 typo 'and' should be 'an'
c387156 update guidance to use 2.17.0

v1.4.1-log4shell

18 Dec 06:55
Compare
Choose a tag to compare

Changelog

Fixes #351

0f47f25 Add bypass payload to post
4c832fb Fix bad date
9f908c8 Fix bug in the new CVSS post
600fc1b Merge pull request #352 from lunasec-io/follow-post-to-CVE-2021-45046
5719683 Merge pull request #353 from lunasec-io/fix-bug-in-post
dce51d5 Merge pull request #354 from lunasec-io/fix-bug-in-post
5d3a341 Merge pull request #355 from lunasec-io/fix-bug-in-post
0cbce8c Merge pull request #356 from lunasec-io/fix-bug-in-post
998c69d Merge pull request #360 from lunasec-io/do-not-open-non-existant-files-from-symlinks
8f796fd One more change
c2f9bd7 Update issue templates
a89ce9b add details about the latest updates about the log4shell cves
fc20cbd broken symlinks no longer stop scanning
67f8a2f bump version
da858ef create blog post discussing follow up issues for cve
b5e245b update date

v1.4.0-log4shell

17 Dec 06:53
Compare
Choose a tag to compare

Changelog

ee2c163 Add FUNDING.yml file for GitHub Sponsors
7a305f7 Add links back to other posts
bdeb637 Add links to other blog posts and update phrasing
b4751d1 Merge branch 'bump-log4shell-cli-version' of github.com:lunasec-io/lunasec into bump-log4shell-cli-version
4372467 Merge branch 'bump-log4shell-cli-version' of github.com:lunasec-io/lunasec into bump-log4shell-cli-version
cfe2c1b Merge branch 'master' into improve-scanner-reliability
33bbf9c Merge pull request #330 from lunasec-io/improve-scanner-reliability
fb5deb3 Merge pull request #334 from acollign/feature/add-exts
712a040 Merge pull request #342 from lunasec-io/bump-log4shell-cli-version
8150184 Merge pull request #345 from lunasec-io/add-link-to-new-posts
3f604c2 Merge pull request #347 from lunasec-io/add-funding-file
ecbcc80 Merge pull request #350 from lunasec-io/increase-severity-of-cve-2021-45046
8c466e3 Update README.md
b654be5 add --no-follow-symlinks
be2b698 add manual releasing instructions
2ce1498 add zip and ear extensions to allow deep scans
2dd8391 analyzer has better semver version checking
c273bcb bump cli version to 1.3.2
bca9018 fix false positive for 2.16.0 and 2.15.0
ccd10e6 global flags are recognized by the cli if they have a name collision in a subcommand
7ebe74f improve log colors
36673ca increase severity of cve-2021-45046 finding
427e491 resolve symlinks while scanning
1c98ea0 slightly better log level printing
5b506a1 switch all logs to stdout and prettier formatting for scan results
43f6987 update CTA size
c6affa5 version change is more than a patch, version should reflect this
70d405f warning about virus scanners in blog post

v1.3.1-log4shell

16 Dec 18:58
Compare
Choose a tag to compare

Changelog

a499653 bump version
2180554 include 1.2.17 in scanning log4j1