Skip to content
This repository has been archived by the owner on Feb 28, 2023. It is now read-only.
/ log4shell-hotfix-side-effect Public archive

Test case to check if the Log4Shell/CVE-2021-44228 hotfix will raise any unexpected exceptions

logging.apache.org/log4j/2.x/security.html#fixed_in_log4j_2.16.0
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mss/log4shell-hotfix-side-effect

BranchesTags

Repository files navigation

Log4Shell Hotfix Side Effect Test Case

I wanted to know if any ClassNotFoundException or similar unexpected exception is raised when one applies the CVE-2021-44228 aka Log4Shell hotfix as recommended here.

Result: It looks like no exception is bubbling up.

To test this execute the following commands:

./gradlew clean installDist
env JAVA_OPTS=-Xmx64M ./build/install/log4shell-hotfix-side-effect/bin/log4shell-hotfix-side-effect

It will log a bunch of messages and timings and there should be no exceptions.

If the log4j jar file is not patched properly there should be a measurable delay between the messages (or you might even get an RCE, YMMV).

About

Test case to check if the Log4Shell/CVE-2021-44228 hotfix will raise any unexpected exceptions

logging.apache.org/log4j/2.x/security.html#Fixed_in_Log4j_2.16.0

Topics

java log4shell

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Languages