log4j 2 status for TLS-Attacker

tls-attacker / TLS-Attacker

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as as a software library for more advanced tools.

Apache License 2.0

778 stars 135 forks source link

log4j 2 status for TLS-Attacker #121

Closed roycewilliams closed 2 years ago

roycewilliams commented 2 years ago

Checking on log4j 2 status for this project.

ic0ns commented 2 years ago

Its fixed in the current master branch. Older versions were vulnerable but the risk is pretty low, given that you usually scan your own systems and its usually not a service running somewhere on the internet. I couldn't deploy it to maven central yet since the servers are overloaded, probably next week.

roycewilliams commented 2 years ago

Best I could ask for - thanks very much!