mirror of
https://github.com/NationalSecurityAgency/ghidra.git
synced 2024-11-23 12:49:45 +00:00
GP-0: Updating README.md
This commit is contained in:
parent
0fc8055c77
commit
e0cb6a78fa
32
README.md
32
README.md
@ -1,30 +1,5 @@
|
||||
<img src="Ghidra/Features/Base/src/main/resources/images/GHIDRA_3.png" width="400">
|
||||
|
||||
# WARNING
|
||||
|
||||
**WARNING:** There has been a [published CVE security vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
|
||||
noted in Ghidra dependencies within 2 `log4j` jar files. We strongly encourage anyone using
|
||||
previous versions of Ghidra to remediate this issue by either upgrading to
|
||||
[Ghidra 10.1](https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_10.1_build),
|
||||
or patching your current version. To patch your current Ghidra installation, delete:
|
||||
|
||||
* `Ghidra/Framework/Generic/lib/log4j-api-2.12.1.jar`
|
||||
* `Ghidra/Framework/Generic/lib/log4j-core-2.12.1.jar`
|
||||
|
||||
and replace with the newer log4j 2.15.0 version:
|
||||
|
||||
* [`Ghidra/Framework/Generic/lib/log4j-api-2.15.0.jar`](https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar)
|
||||
* [`Ghidra/Framework/Generic/lib/log4j-core-2.15.0.jar`](https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0.jar)
|
||||
|
||||
If you are running Ghidra from the development environment, please pull the latest `master` branch
|
||||
(or `patch`/`stable` if applicable), and execute the following to upgrade your repo to the newer
|
||||
`log4j`:
|
||||
```
|
||||
$ gradle prepdev cleanEclipse eclipse
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
# Ghidra Software Reverse Engineering Framework
|
||||
|
||||
Ghidra is a software reverse engineering (SRE) framework created and maintained by the
|
||||
@ -46,6 +21,12 @@ If you are a U.S. citizen interested in projects like this, to develop Ghidra an
|
||||
cybersecurity tools for NSA to help protect our nation and its allies, consider applying for a
|
||||
[career with us][career].
|
||||
|
||||
## Security Warning
|
||||
|
||||
**WARNING:** There are known security vulnerabilities within certain versions of Ghidra. Before
|
||||
proceeding, please read through Ghidra's [Security Advisories][security] for a better understanding
|
||||
of how you might be impacted.
|
||||
|
||||
## Install
|
||||
To install an official pre-built multi-platform Ghidra release:
|
||||
* Install [JDK 11 64-bit][jdk11]
|
||||
@ -137,3 +118,4 @@ source project.
|
||||
[vs]: https://visualstudio.microsoft.com/vs/community/
|
||||
[eclipse]: https://www.eclipse.org/downloads/packages/
|
||||
[master]: https://github.com/NationalSecurityAgency/ghidra/archive/refs/heads/master.zip
|
||||
[security]: https://github.com/NationalSecurityAgency/ghidra/security/advisories
|
Loading…
Reference in New Issue
Block a user