Changelog
Added hotpatch
command which attempts to use the bug against itself to patch the vulnerability in a running server.
Added severity levels to different log4j versions detected by dfa5cb5 Add CVE number back to first line of text for SEOscan
, and included 2.15.0
in vulnerable versions.
Commit Log
f0478fa Add log4j to first sentence
f4ef8a1 Add log4shell CLI tool
3df9089 Add option to write outputs to a file.
007212a Add social links and update main Readme
6849b46 Adding command for running log4shell hotpatch server. The command brings up the servers, but they currently do not work.
2ebe83b Bump version
86d0fb5 Change version to beta
dd21d16 Content reworking
d020276 Enabled options for printing out json for parsing results.
6e88ba6 Fix Master CI
7fa24c4 Fix bad link in blog post
209e3ad Fix bad path
1d79cce Fix entrypoint for package
28f4278 Fix grammar in mitigation guide
18ff24a Fix renamed directory
457d281 Fix script to work with both a specific path or in the current folder
94ce327 Fix typo
aca37df Hotpatching works when being tested locally again vulnerable spring server.
a7384c0 Merge branch 'add-log4shell-cli' of github.com:lunasec-io/lunasec into add-log4shell-cli
86dc397 Merge branch 'master' into add-log4shell-cli
b89fed5 Merge branch 'master' into log4shell-vuln-finder
b7f58e4 Merge pull request #283 from lunasec-io/add-log4shell-cli
ad7840c Merge pull request #285 from lunasec-io/log4shell-vuln-finder
f5e6a3e Merge pull request #286 from lunasec-io/fix-ci-on-master
66cacc5 Merge pull request #288 from lunasec-io/update-mitigation-guide
9a1c3c8 Merge pull request #289 from lunasec-io/fix-bad-link-in-post
78e9ac5 Merge pull request #290 from slovdahl/patch-1
a3e5bfc Merge pull request #293 from lunasec-io/dec13-blog-edits
de48c4d Merge pull request #294 from lunasec-io/add-social-links-to-mitigation-guide
8eb17db Merge pull request #296 from lunasec-io/log4shell-vuln-finder
5252c62 Merge pull request #297 from lunasec-io/mitigation-edits-forrest
708a471 Merge pull request #302 from natrem/patch-1
5fb29d0 Merge pull request #303 from lunasec-io/no-lookups-no-worky
2307b8d Merge remote-tracking branch 'origin/master' into mitigation-edits-forrest
9a9a79a Mitigation edits forrest (#295)
8b896f1 More post cleanup
7831485 More post cleanup
4eac204 Remove thank you line
2279eb6 Scanner finds 2.15 (#305)
91d70d8 Update 2021-12-09-log4j-zero-day.md
90a4e6e Update 2021-12-09-log4j-zero-day.md
d81ffb4 WIP blog post
c59a38a Wrap up the Log4Shell Mitigation Guide doc
312a99d Write up the rest of the blog post
85060ce add contact form, what a doozy
471f56b add warnings about 2.15 and flag
cea63e8 also find war files
a1a365c better warning
ab10a9f big mitigation edits
c76f49b blog edits to header example
b6b2dcd few tiny edits
0431797 fix english (#304)
817388a fix package mistake
d59ad40 fix typo and add CVE name
1c0c95b log4shell scanning cli initial commit
54acae9 make hash downloading automatic even if not using NPM
a9145cf mention log4j 2.16
a2d7637 merge master
7c82887 more CVE mentions
b6a7004 move log4shell to tools
e0f9796 remove bad dep and eslint ignore something
a717e20 small edits linking two blog posts together and other nits
56fe994 update Log4ShellHotpatch
cddae2c update binary name to log4shell
a9199b7 when scanning archives, scan nested ones