Catching log4j 1.x also?
Hi, I found the following string not reported by log4j-finder.
... /xxx/lib/log4j-1.2.15.jar
Please consider catching log4j 1.x jars also.
Thanks
Issue Analytics
- State:
- Created 2 years ago
- Reactions:1
- Comments:8 (5 by maintainers)
Top GitHub Comments
Quick Googling on XMSappender.class log4j CVE brings this page up: https://www.kb.cert.org/vuls/id/930724
I have started collecting hashes from samples of 1.x JMSAppender.class
"45857e7767d0af0ee2773ce69a9b77fb": "log4j 1.2.12",
"6df11afef01bbc20b1862977da8dd0e3": "log4j 1.2.13",
"6df11afef01bbc20b1862977da8dd0e3": "log4j 1.2.14",
"057abb2f43d712e8b2c519f1f5684a94": "log4j 1.2.15",
"abbf972ad55b21cb813ffb82c65c4239": "log4j 1.2.16",
"aa189ba43b50b4cd95f60473929b3009": "log4j 1.2.17",
Could you review these? I would be keen on adding 1.x support
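
Added example, not part of the thread and not log4j-finder's own code: one way to apply the hash list posted above when scanning archives. Two of the posted entries share a digest, so a plain dict literal would silently keep only the last label; this sketch groups labels per digest instead. The function names, the size cap and the nesting depth are assumptions, and the hashes are copied from the comment without independent verification.

```python
import hashlib
import io
import zipfile
from collections import defaultdict

# (md5, label) pairs exactly as posted in the comment above; not verified here.
POSTED_HASHES = [
    ("45857e7767d0af0ee2773ce69a9b77fb", "log4j 1.2.12"),
    ("6df11afef01bbc20b1862977da8dd0e3", "log4j 1.2.13"),
    ("6df11afef01bbc20b1862977da8dd0e3", "log4j 1.2.14"),
    ("057abb2f43d712e8b2c519f1f5684a94", "log4j 1.2.15"),
    ("abbf972ad55b21cb813ffb82c65c4239", "log4j 1.2.16"),
    ("aa189ba43b50b4cd95f60473929b3009", "log4j 1.2.17"),
]
CLASS_SUFFIX = "org/apache/log4j/net/JMSAppender.class"  # log4j 1.x package path
ARCHIVE_EXTS = (".jar", ".war", ".ear")
MAX_ENTRY_BYTES = 64 * 1024 * 1024  # assumed cap: skip oversized entries


def build_table(pairs):
    """Group labels by digest so a hash shared by two releases keeps both."""
    table = defaultdict(list)
    for digest, label in pairs:
        table[digest.lower()].append(label)
    return dict(table)


def scan_archive(data, table, name="<memory>", depth=0, max_depth=3):
    """Return (path, md5, labels) for each JMSAppender.class in an archive.

    Recurses into nested .jar/.war/.ear entries up to max_depth levels.
    """
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not an archive, or corrupt: nothing to report
    with zf:
        for info in zf.infolist():
            if info.file_size > MAX_ENTRY_BYTES:
                continue
            inner = f"{name}!/{info.filename}"
            if info.filename.endswith(CLASS_SUFFIX):
                digest = hashlib.md5(zf.read(info)).hexdigest()
                hits.append((inner, digest, table.get(digest, ["unknown build"])))
            elif depth < max_depth and info.filename.lower().endswith(ARCHIVE_EXTS):
                hits += scan_archive(zf.read(info), table, inner, depth + 1, max_depth)
    return hits
```

A class file found at that path whose digest is not in the table is still returned, labelled "unknown build", so repackaged or unlisted builds are not dropped from the results.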