Hi all,

On Sat, 22 Apr 2023 at 01:02, Ralph Goers <ralph.go...@dslextreme.com> wrote:
>
> Note that he may also have a shaded jar that has Log4j embedded in it. That 
> would be impossible for us to know without personally inspecting the 
> deployment.

That's something that can be discovered with a shell script like this:

find -iname '*.jar' -print0 | while IFS= read -d '' file; do if unzip
-t "$file" | grep -q org/apache/logging/log4j; then echo $file; fi;
done

This might contain bash-specific options, but should work on a GNU
Linux distribution or on Windows with the MSys2 distribution (e.g.
from Git for Windows).

Piotr

Reply via email to