Nixyri/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2024-11-25 05:32:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/Ghidra_10.1'

Browse Source
This commit is contained in:
Ryan Kurtz 2021-12-10 14:20:59 -05:00
commit 42ca00b35d
2 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html
View File

@ -32,6 +32,7 @@
<li><I>API</I>. Updated API methods of the DataTypeChooserDialog. (GP-1349, Issue #3140)</li>
<li><I>Basic Infrastructure</I>. Symbol performance in Ghidra was significantly improved. Specifically, new database indexes were created to improve finding primary symbols as well as improving lookups by combinations of name, namespace, and address. (GP-1082)</li>
<li><I>Basic Infrastructure</I>. Added optional columns in the Functions table for several boolean-valued function attributes. (GP-1393)</li>
<li><I>Basic Infrastructure</I>. Upgraded log4j dependency from 2.12.1 to 2.15.0 to resolve a security vulnerability. (GP-1588)</li>
<li><I>Build</I>. Extension builds can now declare jar dependencies from standard Gradle repositories such as Maven Central. (GP-1144, Issue #2219, #2226)</li>
<li><I>Build</I>. Increased minimum supported Gradle version from 6.0 to 6.4. (GP-1521, Issue #3650)</li>
<li><I>Data Types</I>. Added support for zero-element arrays and zero-length components within structures and unions. Eliminated flex-array API methods and added/improved other Structure methods to handle multiple components which share the same offset. (GP-943)</li>

35
Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.html
View File

@ -46,6 +46,41 @@
<H2>The not-so-fine print: Please Read!</H2>
<P><span style="color:#FF0000">WARNING:</span> There has been a published CVE security vulnerability noted in Ghidra dependencies within two log4j jar files.
We strongly encourage anyone using previous versions of Ghidra or a build from source, to remediate this issue by either upgrading
to the latest Ghidra 10.1 version, or patching your current version.</P>
<P>
To patch your current Ghidra installation, delete:
<BLOCKQUOTE><UL>
<li>Ghidra/Framework/Generic/lib/log4j-api-2.12.1.jar</li>
<li>Ghidra/Framework/Generic/lib/log4j-core-2.12.1.jar</li>
</UL></BLOCKQUOTE>
</P>
<P>
and replace with the newer log4j 2.15.0 version:
<BLOCKQUOTE><UL>
<li>log4j-api-2.15.0.jar</li>
<li>log4j-core-2.15.0.jar</li>
</UL></BLOCKQUOTE>
</P>
<P>
You can find these in the latest Ghidra 10.1 release, or from:
<BLOCKQUOTE><UL>
<li>https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar</li>
<li>https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0.jar</li>
</UL></BLOCKQUOTE>
</P>
<P>
The details of the vulnerability can be found here:
<BLOCKQUOTE><UL>
<li>https://nvd.nist.gov/vuln/detail/CVE-2021-44228</li>
</UL></BLOCKQUOTE>
</P>
<P>Ghidra 10.1 is fully backward compatible with project data from previous releases. However, programs and data type archives
which are created or modified in 10.1 will not be useable by an earlier Ghidra version.</P>