Log4j 2.17.0 - CVE-2021-45105

[yunzheng]

A new Log4j version has been released that fixes an Infinite recursion issue in lookup evalution.

Source:

• https://logging.apache.org/log4j/2.x/security.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105

I just pushed changes to log4j-finder (see #43) to mark log4j 2.17.0 as the only GOOD version, everything older than 2.17.0 is now marked as VULNERABLE.

[yunzheng]

Note that this update is only in the source repository yet, hope to push out a new release today. If you cannot wait, get auto generated binaries from here: https://github.com/fox-it/log4j-finder/actions

[theshidoshi]

Hi

Thanks for the amazing project.

I have noted that 2.17.0 is listed as good as per your last updated version.

However it has been superseded by 2.17.1 which is now deemed the only GOOD version.

Any plans to update the code?

Thank you

Shidoshi