log4j security vulnerbility find and fix? Any tool to help find the current usage of log4j version and fix for springboot app.
Asked
Active
Viewed 792 times
0
-
See this answer to a related question: https://stackoverflow.com/a/70363203/17682051 – CyberPetaNeuron Dec 20 '21 at 08:37
1 Answers
0
Found this great tool that helped in scanning log4j dependencies used in a jar: https://github.com/logpresso/CVE-2021-44228-Scanner Install it on the required platform and run the binary with the path to scan. eg: ./log4j2-scan /var/lib/jenkins/ It'll scan and show you the report.
For the Spring-boot-starter-log4j2 to use the latest version of log4j, follow the below GitHub link and make the required change in the build file to enable spring-boot to make use of the latest required package.
Syed Ruman
- 9
- 2