You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,8 +2,8 @@
2
2
3
3
Detects Log4J versions on your file-system within any application that are vulnerable to [CVE-2021-44228](https://mergebase.com/vulnerability/CVE-2021-44228/) and [CVE-2021-45046](https://mergebase.com/vulnerability/CVE-2021-45046/). It is able to even find instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!
4
4
5
-
Currently detects log4j-core versions 2.12.2 and 2.16.0 as SAFE, 2.15.0 as OKAY and all other versions as VULNERABLE
6
-
(although it does report pre-2.0-beta9 as "POTENTIALLY_SAFE").
5
+
Currently reports `log4j-core` versions 2.12.2 and 2.16.0 as **\_SAFE\_**, 2.15.0 as **\_OKAY\_** and all other versions as **\_VULNERABLE\_**
6
+
(although it does report pre-2.0-beta9 as "**\_POTENTIALLY_SAFE\_**").
7
7
8
8
Can correctly detect log4j inside executable spring-boot jars/wars, dependencies blended
9
9
into [uber jars](https://mergebase.com/blog/software-composition-analysis-sca-vs-java-uber-jars/), shaded jars, and even
0 commit comments