Skip to content

Releases: logpresso/CVE-2021-44228-Scanner

3.0.1 Release

13 Feb 16:04
Compare
Choose a tag to compare
  • Added --report-patch option for safe version reporting. See #273
  • Added reload4j MD5 hashes for accurate version detection. See #246 , #271
  • Sanitized build version without HTTPS stack. See #277

3.0.0 Release

11 Feb 15:39
Compare
Choose a tag to compare
  • Support centralized reporting and visualization with Logpresso Watch

image

2.9.2 Release

05 Feb 16:22
Compare
Choose a tag to compare
  • Support reload4j vulnerability detection. See #271
  • Added md5 hash for shaded log4j of newrelic.jar. See #266

2.9.1 Release

03 Feb 05:04
Compare
Choose a tag to compare

2.9.0 Release

02 Feb 04:49
Compare
Choose a tag to compare
  • Reduced memory footprint significantly. See #253
    • For 5 million files in the single directory, previous version used 1.7GB.
    • v2.9.0 uses only 0.3GB for same number of files.
    • You can further reduce memory footprint using -Xmx switch.
      • For example, -Xmx100M will limit max memory usage to 100 megabytes
      • Consider max JAR or ZIP file size for tuning.
  • Report directory traversal error. See #249
    • For example, Error: Access denied. Skipping c:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cache with administrator privileges.

2.8.1 Release

27 Jan 11:10
Compare
Choose a tag to compare
  • Added --throttle option to limit CPU usage. See #137
    • --throttle 1000 means that scanner is allowed to scan 1000 files per second.
  • Improved scan performance (x2.7)
    • Before patch: 340 seconds for 12926 directories and 48569 files
    • After patch: 122 seconds for 12926 directories and 48569 files
    • Bottleneck was I/O call for every single byte when commons-compress reads ZIP file.
      image (39)

2.8.0 Release

27 Jan 06:59
Compare
Choose a tag to compare

2.7.2 Release

11 Jan 14:45
Compare
Choose a tag to compare

Added scanner_args to summary of JSON report file. See #241

{
    "summary": {
        "scanner_banner": "Logpresso CVE-2021-44228 Vulnerability Scanner 2.7.2 (2022-01-11)",
        "scanner_version": "2.7.2",
        "scanner_release_date": "2022-01-11",
        "scanner_args": [
            "--report-json",
            "d:\\tmp\\verify"
        ],
        "hostname": "RAPH",
        ..snip..
}

2.7.1 Release

02 Jan 15:10
Compare
Choose a tag to compare
  • Send syslog packets for scan error. See #230
  • Added missing CSV header on log file creation. See #178

2.7.0 Release

02 Jan 12:32
Compare
Choose a tag to compare
  • Support CSV and JSON log file output. See #178 , #229
    • Use --csv-log-path or --json-log-path option.
  • Added --syslog-facility option. See #227
  • Added --rfc5424 option. See #230
    • Follow RFC5424 message format strictly with UTF8 BOM.
  • Added --exclude-file-config option to exclude file paths using exact matching. See #223