Please see the tags page: https://github.com/mergebase/log4j-detector/tags
- Ability to detect log4j-core-2.3.2.jar, log4j-core-2.12.4.jar, and log4j-core-2.17.1.jar (all are _SAFE_).
- Ability to detect log4j-core-2.3.1.jar and log4j-core-2.12.3.jar (both are _SAFE_).
- Improved ability to deal with shaded jars.
- Added support for --stdin, --json, and --exclude options.
- Added support for scanning *.jpi and *.hpi files (essentially zip files).
- Ability to detect log4j-core-2.17.0.jar
-
Properly detect exploded Log4J versions (that are not inside *.jar and instead are just sitting as *.class directly on disk).
-
Fixed problem that was causing some inner-jar entries to be misread. ("Unexpected end of ZLIB stream").
-
All problems now printed on STDERR instead of STDOUT.
-
Only check read-permission on files we're interested in (makes for a lot fewer "cannot read!" errors).