
Outdated log4j library used

Open prodigysml opened this issue 4 years ago • 2 comments

Just wanted to raise that this tool is using an outdated log4j library: https://github.com/nccgroup/CollaboratorPlusPlus/blob/d36dd9f12624ee8ec3bfcb5f462bfc484cd2bdd3/build.gradle#L29

The tool is an awesome tool and I'm aware of multiple people using it, so I figured it might be a good idea to try to get it fixed. Upgrading to version 2.17.0 should fix the issue. It is possibly exploitable if the debug mode is enabled: https://github.com/nccgroup/CollaboratorPlusPlus/blob/29e05c3f0815ee3dd21cf29be3120c6d8166e488/src/main/java/com/nccgroup/collaboratorplusplus/server/HttpHandler.java#L71

prodigysml avatar Dec 24 '21 03:12 prodigysml
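
A dependency check for the condition reported above, added here as an example (not code from the CollaboratorPlusPlus repository or from the thread participants): it scans Gradle build text for log4j artifacts and flags any version below the 2.17.0 named in the issue. The sample build file, function names and status labels are constructed for illustration.

```python
import re

MIN_FIXED = (2, 17, 0)  # version the issue says to upgrade to
GROUP = r"org\.apache\.logging\.log4j"
# Gradle string notation: 'group:artifact:version'
STRING_DEP = re.compile(rf"""['"]{GROUP}:(log4j-[\w-]+):([^'"]+)['"]""")
# Gradle map notation: group: '...', name: '...', version: '...'
MAP_DEP = re.compile(
    rf"""group:\s*['"]{GROUP}['"]\s*,\s*name:\s*['"](log4j-[\w-]+)['"]"""
    rf"""\s*,\s*version:\s*['"]([^'"]+)['"]""")

# Constructed sample, not the project's real build.gradle.
SAMPLE = """\
dependencies {
    implementation 'org.apache.logging.log4j:log4j-core:2.13.3'
    implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.17.0'
    // implementation 'org.apache.logging.log4j:log4j-core:2.8'
    implementation "org.apache.logging.log4j:log4j-slf4j-impl:${log4jVersion}"
    implementation 'com.google.code.gson:gson:2.8.9'
}
"""


def classify(version):
    """Return 'outdated', 'ok', or 'unresolved' for a declared version string.
    Variables, ranges such as 2.+ and suffixed versions cannot be compared
    from the text alone, so they are reported for manual review."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        return "unresolved"
    parts = tuple(int(p or 0) for p in m.groups())
    return "outdated" if parts < MIN_FIXED else "ok"


def scan_gradle(text):
    """Return (line number, artifact, declared version, status) per log4j dependency."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        code = line.split("//", 1)[0]  # ignore commented-out declarations
        for pattern in (STRING_DEP, MAP_DEP):
            for artifact, version in pattern.findall(code):
                findings.append((lineno, artifact, version, classify(version)))
    return findings


if __name__ == "__main__":
    for lineno, artifact, version, status in scan_gradle(SAMPLE):
        print(f"line {lineno}: {artifact} {version} -> {status}")
```

This only reads declared versions in the build file; transitive dependencies need the resolved dependency tree from the build tool itself.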

Fixed by #6

antifob avatar Feb 01 '22 19:02 antifob

@CoreyD97 Since #6 and #7 were merged, could you push a tag for the updated version to publish an updated release jar? Thanks :)

# assuming the current branch is on par with this repo's master
git tag v1.0.1
git push --tags

antifob avatar Feb 13 '22 17:02 antifob