log4j-detector-2021.12.12.jar does not traverse symbolic links

mergebase / log4j-detector

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

Other

638 stars 98 forks source link

log4j-detector-2021.12.12.jar does not traverse symbolic links #1

Closed chrstnrnngr closed 2 years ago

chrstnrnngr commented 2 years ago

2021-12-13_log4j-detector_symlinks

juliusmusseau commented 2 years ago

Thanks for the bug report!

juliusmusseau commented 2 years ago

It traverses symlinks now.