GP-0: Updating README.md

This commit is contained in:
Ryan Kurtz 2021-12-10 12:15:08 -05:00
parent 42ca00b35d
commit 2c73c72f0b

View File

@ -1,5 +1,30 @@
<img src="Ghidra/Features/Base/src/main/resources/images/GHIDRA_3.png" width="400">
# WARNING
**WARNING:** There has been a [published CVE security vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
noted in Ghidra dependencies within 2 `log4j` jar files. We strongly encourage anyone using
previous versions of Ghidra to remediate this issue by either upgrading to
[Ghidra 10.1](https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_10.1_build),
or patching your current version. To patch your current Ghidra installation, delete:
* `Ghidra/Framework/Generic/lib/log4j-api-2.12.1.jar`
* `Ghidra/Framework/Generic/lib/log4j-core-2.12.1.jar`
and replace with the newer log4j 2.15.0 version:
* [`Ghidra/Framework/Generic/lib/log4j-api-2.15.0.jar`](https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar)
* [`Ghidra/Framework/Generic/lib/log4j-core-2.15.0.jar`](https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0.jar)
If you are running Ghidra from the development environment, please pull the latest `master` branch
(or `patch`/`stable` if applicable), and execute the following to upgrade your repo to the newer
`log4j`:
```
$ gradle prepdev cleanEclipse eclipse
```
---
# Ghidra Software Reverse Engineering Framework
Ghidra is a software reverse engineering (SRE) framework created and maintained by the