# TopSpin Log4j Patcher Copyright (c) 2021 BRUKER BIOSPIN GMBH D-76275 Ettlingen, Germany All Rights Reserved You are free to use this tool for the purpose described below. ## Description The TopSpin Log4j Patcher (ts-log4shell-patch) will fix existing TopSpin installations that may use affected Log4j 2 versions. Details about the vulnerability is available here: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 This tool will remove the JndiLookup class from the classpath. This is a recommended mitigation strategy mentioned on the official Apache Log4j website: https://logging.apache.org/log4j/2.x/security.html# ## Changelog #### 1.1.0 (2022-01-14) - Fix detection of TopSpin 3.x (windows only) - Allow unattended application of the patch with command line option "-q". This will patch all automatically detected TopSpin installations. #### 1.0.10 (2022-01-10) - Fix failing application of the patch for TopSpins installed in non standard locations (e.g., directories containing spaces) #### 1.0.9 (2021-12-23) - Fix a regression introduced in 1.0.8 that resulted in failing applications of the patch #### 1.0.8 (2021-12-22) - Skip backing up vulnerable jar files & remove backups produced with earlier versions of the patch #### 1.0.7 (2021-12-21) - Fix backup to unique directories #### 1.0.6 (2021-12-21) - Backup original jar files to unique directories inside TEMP #### 1.0.5 (2021-12-20) - Rephrase misleading log output #### 1.0.4 (2021-12-20) - clean up #### 1.0.3 (2021-12-20) - Also remove JndiManager* classes from log4j2-core-2.7.jar - CVE-2021-44228 - Remove JndiLookup and JndiManager* classes from bsmsserver.jar (TopSpin 4.1.3) - CVE-2021-44228 - Mitigate CVE-2019-17571: Remove SocketNode class from Jmol.jar #### 1.0.2 (2021-12-16) - Add license information #### 1.0.1 (2021-12-16) - Mitigate CVE-2021-44228: Remove JndiLookup class from log4j2-core-2.7.jar in /classes/lib - Backup original jar to TEMP