Hi all, On Sat, 22 Apr 2023 at 01:02, Ralph Goers <ralph.go...@dslextreme.com> wrote: > > Note that he may also have a shaded jar that has Log4j embedded in it. That > would be impossible for us to know without personally inspecting the > deployment.
That's something that can be discovered with a shell script like this: find -iname '*.jar' -print0 | while IFS= read -d '' file; do if unzip -t "$file" | grep -q org/apache/logging/log4j; then echo $file; fi; done This might contain bash-specific options, but should work on a GNU Linux distribution or on Windows with the MSys2 distribution (e.g. from Git for Windows). Piotr