Thanks for the comments. I've updated the softsqueeze summary metadata to indicate the new source code location. I should have done that ages ago since the SF cvs repository has been marked read only since 2009.
Hello Ralph, Thank you for your reply. I don't have any working exploit code but I undertstand the Log4J and Log for4shell exploits are quite wide and rather damaging. Is this Github repo you mention here the successor to this SourceForge repo and releases? If so, maybe this SF repo should be deprecated to be clearer?
Although it's been identified that the version of log4j v1.2.8 included is vulnerable, can you provide an example of how it can be exploited in softsqueeze? Using the tests from https://log4shell.huntress.com/ I've been unable to do so. However, I have updated the log4j in the softsqueeze repository on github to 1.2.17. https://github.com/ralph-irving/softsqueeze3/commit/0f8f573dc4787895fc48654643ad9ef3b77c19d5
Hello Everyone, It's not clear if the cool SoftSqueeze project is still alive but the Qualys Log4j scanner ( https://github.com/Qualys/log4jscanlinux ) identified this software as being vulnerable. It would be great if it could be updated to use a non-vunerable version of Log4j2-x or at least disable the vulnerable parsing. Thank you! --David
Thanks anonymous. But I found after setting up Java and setting system environment variables for Java (described in Java's Help Pages), I was able to simply make a shortcut for "SoftSqueeze.jar" and execute that, and the play showed up.
Thanks anonymous. But I found after setting up Java and setting system environment variables for Java, I was able to simply make a shortcut for "SoftSqueeze.jar" and execute that, and the play showed up.