mergebase
diff --git a/‎CHANGELOG.md
+31-26 b/‎CHANGELOG.md
+31-26
diff --git a/‎README.md
+9-9 b/‎README.md
+9-9
diff --git a/‎log4j-detector-2021.12.22.jar
58.7 KB b/‎log4j-detector-2021.12.22.jar
58.7 KB
diff --git a/‎log4j-detector-latest.jar
58.7 KB b/‎log4j-detector-latest.jar
58.7 KB
diff --git a/‎pom.xml
+1-1 b/‎pom.xml
+1-1
@@ -1,26 +1,31 @@
-
-## To Build Or Download Previous Versions
-
-Please see the tags page: https://github.com/mergebase/log4j-detector/tags
-
-## v2021.12.20
-
-- Added support for --stdin, --json, and --exclude options.
-- Added support for scanning *.jpi and *.hpi files (essentially zip files).
-
-## v2021.12.17
-
-- Ability to detect log4j-core-2.17.0.jar 
-
-## v2021.12.16
-
-- Properly detect exploded Log4J versions (that are not inside *.jar and instead are just sitting as *.class directly on disk).
-
-- Fixed problem that was causing some inner-jar entries to be misread. ("Unexpected end of ZLIB stream").
-
-- All problems now printed on STDERR instead of STDOUT.
-
-- Only check read-permission on files we're interested in (makes for a lot fewer "cannot read!" errors).
-
-
-
+
+## To Build Or Download Previous Versions
+
+Please see the tags page: https://github.com/mergebase/log4j-detector/tags
+
+## v2021.12.22
+
+- Ability to detect log4j-core-2.3.1.jar and log4j-core-2.12.3.jar (both are \_SAFE\_).
+- Improved ability to deal with shaded jars.
+
+## v2021.12.20
+
+- Added support for --stdin, --json, and --exclude options.
+- Added support for scanning *.jpi and *.hpi files (essentially zip files).
+
+## v2021.12.17
+
+- Ability to detect log4j-core-2.17.0.jar 
+
+## v2021.12.16
+
+- Properly detect exploded Log4J versions (that are not inside *.jar and instead are just sitting as *.class directly on disk).
+
+- Fixed problem that was causing some inner-jar entries to be misread. ("Unexpected end of ZLIB stream").
+
+- All problems now printed on STDERR instead of STDOUT.
+
+- Only check read-permission on files we're interested in (makes for a lot fewer "cannot read!" errors).
+
+
+
@@ -37,16 +37,16 @@ We currently maintain a collection of [log4j-samples](https://github.com/mergeba
 
 # Example Usage: <a name="itemexample"></a>
 
-java -jar log4j-detector-2021.12.20.jar [path-to-scan] > hits.txt
+java -jar log4j-detector-2021.12.22.jar [path-to-scan] > hits.txt
 
 ![Terminal output from running java -jar log4j-detector.jar in a terminal](./images/log4j-detector.png)
 
 # More Example Usage: <a name="itemmore"></a>
 
 ```
-java -jar log4j-detector-2021.12.20.jar ./samples 
+java -jar log4j-detector-2021.12.22.jar ./samples 
 
--- github.com/mergebase/log4j-detector v2021.12.20 (by mergebase.com) analyzing paths (could take a while).
+-- github.com/mergebase/log4j-detector v2021.12.22 (by mergebase.com) analyzing paths (could take a while).
 -- Note: specify the '--verbose' flag to have every file examined printed to STDERR.
 /opt/mergebase/log4j-detector/samples/clt-1.0-SNAPSHOT.jar contains Log4J-2.x   >= 2.10.0 _VULNERABLE_
 /opt/mergebase/log4j-detector/samples/infinispan-embedded-query-8.2.12.Final.jar contains Log4J-2.x   >= 2.0-beta9 (< 2.10.0) _VULNERABLE_
@@ -81,9 +81,9 @@ java -jar log4j-detector-2021.12.20.jar ./samples
 # Usage <a name="itemusage"></a>
 
 ```
-java -jar log4j-detector-2021.12.20.jar 
+java -jar log4j-detector-2021.12.22.jar 
 
-Usage: java -jar log4j-detector-2021.12.20.jar [--verbose] [--json] [--stdin] [--exclude=X] [paths to scan...]
+Usage: java -jar log4j-detector-2021.12.22.jar [--verbose] [--json] [--stdin] [--exclude=X] [paths to scan...]
 
   --json       - Output STDOUT results in JSON.  (Errors/warning still emitted to STDERR)
   --stdin      - Read STDIN for paths to explore (one path per line)
@@ -95,7 +95,7 @@ Exit codes:  0 = No vulnerable Log4J versions found.
              1 = At least one legacy Log4J 1.x version found.
              2 = At least one vulnerable Log4J version found.
 
-About - MergeBase log4j detector (version 2021.12.20)
+About - MergeBase log4j detector (version 2021.12.22)
 Docs  - https://github.com/mergebase/log4j-detector 
 (C) Copyright 2021 Mergebase Software Inc. Licensed to you via GPLv3.
 ```
@@ -106,7 +106,7 @@ Docs  - https://github.com/mergebase/log4j-detector
 git clone https://github.com/mergebase/log4j-detector.git
 cd log4j-detector/
 mvn install
-java -jar target/log4j-detector-2021.12.20.jar
+java -jar target/log4j-detector-2021.12.22.jar
 ```
 # Testing: <a name="itemtesting"></a>
 
@@ -169,8 +169,8 @@ to build it, and since this tool has zero dependencies, it shouldn't take too lo
 satisfaction. If you don't trust Maven you can go directly into the "src/main/java/com/mergebase/log4j" directory and
 type "javac \*.java". That works, too!
 
-We also sign the pre-compiled jar we keep in the root of the repository (./log4j-detector-2021.12.20.jar) with the
-MergeBase code signing key.  Please run "jarsigner -verbose -verify log4j-detector-2021.12.20.jar" to confirm this.
+We also sign the pre-compiled jar we keep in the root of the repository (./log4j-detector-2021.12.22.jar) with the
+MergeBase code signing key.  Please run "jarsigner -verbose -verify log4j-detector-2021.12.22.jar" to confirm this.
 
 # What Is MergeBase All About? <a name="itemmergebase"></a>
 
 
@@ -5,7 +5,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.mergebase</groupId>
     <artifactId>log4j-detector</artifactId>
-    <version>2021.12.20</version>
+    <version>latest</version>
     <licenses>
         <license>
             <name>GPL-3.0-only</name>