search

AlexandreHeroux / Fix-CVE-2021-44228

Apply class remove process from ear/war/jar/zip archive, see https://logging.apache.org/log4j/2.x/
6 stars 4 forks source link

Add org/apache/log4j/net/JMSAppender.class #2

Closed robertdahlem closed 2 years ago

robertdahlem commented 2 years ago

So far this works for log4j V2.

Would you mind adding "org/apache/log4j/net/JMSAppender.class" to MALICIOUS_FILES? This would help mitigating log4j V1 problems.

AlexandreHeroux commented 2 years ago

Good point, I will add it. Thanks