Note that we flag the java 6 and 7 versions as vulnerable

google / log4jscanner

A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.

Apache License 2.0

1.57k stars 120 forks source link

Closed ddworken closed 2 years ago

ddworken commented 2 years ago

Fixes #43

nikaiw commented 2 years ago

Note: It's 2.12.2+ instead of 2.12.3+ and there is a discrepancy because 2.3.2 is not being detected although 2.3.1 is being detected.

ddworken commented 2 years ago

Thanks! I'll take a look at that discrepancy to see whether it makes sense to try to fix it. Removed the version ranges from this PR.