CVE 2021 44228 Scanner Versions Save

• Added --report-patch option for safe version reporting. See #273
• Added reload4j MD5 hashes for accurate version detection. See #246 , #271
• Sanitized build version without HTTPS stack. See #277

• Support centralized reporting and visualization with Logpresso Watch
  • Join Logpresso Watch service and use --api-key option for integration

• Support reload4j vulnerability detection. See #271
• Added md5 hash for shaded log4j of newrelic.jar. See #266

• Added MD5 based Log4j version detection. No more N/A. See #262 , #265 , #266
  • https://github.com/logpresso/CVE-2021-44228-Scanner/wiki/MD5-for-log4j-1.x-classes
  • https://github.com/logpresso/CVE-2021-44228-Scanner/wiki/MD5-for-log4j-2.x-classes
• Print user and added user information to JSON report. See #249

• Reduced memory footprint significantly. See #253
  • For 5 million files in the single directory, previous version used 1.7GB.
  • v2.9.0 uses only 0.3GB for same number of files.
  • You can further reduce memory footprint using -Xmx switch.
    • For example, -Xmx100M will limit max memory usage to 100 megabytes
    • Consider max JAR or ZIP file size for tuning.
• Report directory traversal error. See #249
  • For example, Error: Access denied. Skipping c:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cache with administrator privileges.

• Added --throttle option to limit CPU usage. See #137
  • --throttle 1000 means that scanner is allowed to scan 1000 files per second.
• Improved scan performance (x2.7)
  • Before patch: 340 seconds for 12926 directories and 48569 files
  • After patch: 122 seconds for 12926 directories and 48569 files
  • Bottleneck was I/O call for every single byte when commons-compress reads ZIP file.

• Support CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307, See #259
  • --fix option will remove following classes:
    • For CVE-2022-23302: JMSSink.class
    • For CVE-2022-23305: JDBCAppender.class
    • For CVE-2022-23307: All classes in org.apache.log4j.chainsaw package

Added scanner_args to summary of JSON report file. See #241

{
    "summary": {
        "scanner_banner": "Logpresso CVE-2021-44228 Vulnerability Scanner 2.7.2 (2022-01-11)",
        "scanner_version": "2.7.2",
        "scanner_release_date": "2022-01-11",
        "scanner_args": [
            "--report-json",
            "d:\\tmp\\verify"
        ],
        "hostname": "RAPH",
        ..snip..
}

• Send syslog packets for scan error. See #230
• Added missing CSV header on log file creation. See #178

• Support CSV and JSON log file output. See #178 , #229
  • Use --csv-log-path or --json-log-path option.
• Added --syslog-facility option. See #227
• Added --rfc5424 option. See #230
  • Follow RFC5424 message format strictly with UTF8 BOM.
• Added --exclude-file-config option to exclude file paths using exact matching. See #223