2.6.3 Release

xeraph released this 26 Dec 14:36

· 38 commits to main since this release

e46eda2

Do not detect Log4j 2.3.1 (for jdk6) and Log4j 2.12.3 (for jdk7) as vulnerable version. See #213
- CVE-2021-44228 is fixed in Log4j 2.12.2, but Log4j 2.12.2 has CVE-2021-45105. See https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- CVE-2021-45105 is fixed in Log4j 2.12.3 for jdk7. See https://nvd.nist.gov/vuln/detail/CVE-2021-45105
- CVE-2021-45105 is fixed in Log4j 2.3.1 for jdk6. See https://logging.apache.org/log4j/2.x/security.html

Assets 8