Nixyri/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2024-11-10 06:02:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

GP-0: Updating README.md

Browse Source
This commit is contained in:
Ryan Kurtz 2021-12-15 12:27:35 -05:00
parent 0fc8055c77
commit e0cb6a78fa
1 changed files with 7 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
README.md
View File

@ -1,30 +1,5 @@
<img src="Ghidra/Features/Base/src/main/resources/images/GHIDRA_3.png" width="400">
# WARNING
**WARNING:** There has been a [published CVE security vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
noted in Ghidra dependencies within 2 `log4j` jar files. We strongly encourage anyone using
previous versions of Ghidra to remediate this issue by either upgrading to
[Ghidra 10.1](https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_10.1_build),
or patching your current version. To patch your current Ghidra installation, delete:
* `Ghidra/Framework/Generic/lib/log4j-api-2.12.1.jar`
* `Ghidra/Framework/Generic/lib/log4j-core-2.12.1.jar`
and replace with the newer log4j 2.15.0 version:
* [`Ghidra/Framework/Generic/lib/log4j-api-2.15.0.jar`](https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar)
* [`Ghidra/Framework/Generic/lib/log4j-core-2.15.0.jar`](https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0.jar)
If you are running Ghidra from the development environment, please pull the latest `master` branch
(or `patch`/`stable` if applicable), and execute the following to upgrade your repo to the newer
`log4j`:
```
$ gradle prepdev cleanEclipse eclipse
```
---
# Ghidra Software Reverse Engineering Framework
Ghidra is a software reverse engineering (SRE) framework created and maintained by the
@ -46,6 +21,12 @@ If you are a U.S. citizen interested in projects like this, to develop Ghidra an
cybersecurity tools for NSA to help protect our nation and its allies, consider applying for a
[career with us][career].
## Security Warning
**WARNING:** There are known security vulnerabilities within certain versions of Ghidra. Before
proceeding, please read through Ghidra's [Security Advisories][security] for a better understanding
of how you might be impacted.
## Install
To install an official pre-built multi-platform Ghidra release:
* Install [JDK 11 64-bit][jdk11]
@ -137,3 +118,4 @@ source project.
[vs]: https://visualstudio.microsoft.com/vs/community/
[eclipse]: https://www.eclipse.org/downloads/packages/
[master]: https://github.com/NationalSecurityAgency/ghidra/archive/refs/heads/master.zip
[security]: https://github.com/NationalSecurityAgency/ghidra/security/advisories