{"id":13834960,"url":"https://github.com/corretto/hotpatch-for-apache-log4j2","last_synced_at":"2026-01-16T20:22:47.686Z","repository":{"id":43386895,"uuid":"437426386","full_name":"corretto/hotpatch-for-apache-log4j2","owner":"corretto","description":"An  agent to hotpatch the log4j RCE from CVE-2021-44228.","archived":false,"fork":false,"pushed_at":"2022-10-24T02:25:53.000Z","size":3751,"stargazers_count":494,"open_issues_count":9,"forks_count":72,"subscribers_count":25,"default_branch":"main","last_synced_at":"2025-07-10T11:59:52.394Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/corretto.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-12T01:24:51.000Z","updated_at":"2025-07-03T01:46:30.000Z","dependencies_parsed_at":"2023-01-20T07:32:56.275Z","dependency_job_id":null,"html_url":"https://github.com/corretto/hotpatch-for-apache-log4j2","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/corretto/hotpatch-for-apache-log4j2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/corretto%2Fhotpatch-for-apache-log4j2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/corretto%2Fhotpatch-for-apache-log4j2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/corretto%2Fhotpatch-for-apache-log4j2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/corretto%2Fhotpatch-for-apache-log4j2/manifests","owner_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/owners/corretto","download_url":"https://codeload.github.com/corretto/hotpatch-for-apache-log4j2/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/corretto%2Fhotpatch-for-apache-log4j2/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28482267,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T14:00:54.247Z","updated_at":"2026-01-16T20:22:47.659Z","avatar_url":"https://github.com/corretto.png","language":"Java","funding_links":[],"categories":["Detection \u0026 Remediation"],"sub_categories":[],"readme":"# Log4jHotPatch\n\nThis is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the `lookup()` method of all loaded `org.apache.logging.log4j.core.lookup.JndiLookup` instances to unconditionally return the string \"Patched JndiLookup::lookup()\". It is designed to address the [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228/) remote code execution vulnerability in Log4j without restarting the Java process. 
This tool will also address [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046/).\n\nThis has currently only been tested with JDK 8, 11, 15 and 17 on Linux!\n\n## Building\n### Gradle\nTo build on Linux, Mac and Windows Subsystem for Linux:\n```\n./gradlew build\n```\n\nTo build on Windows:\n```\n.\\gradlew.bat build\n```\n\nEither command, depending on the platform you are building on, will generate `build/libs/Log4jHotPatch.jar`.\n\n### Maven\n\nTo build using Maven, use:\n\n```\nmvn clean package\n```\n\nThis will generate a `target/Log4jHotPatch.jar`.\n\n## Running\n\nJDK 8\n```\njava -cp \u003cjava-home\u003e/lib/tools.jar:Log4jHotPatch.jar Log4jHotPatch \u003cjava-pid\u003e\n```\n\nJDK 11 and newer\n```\njava -jar Log4jHotPatch.jar \u003cjava-pid\u003e\n```\n\n### Running the static agent\n\nSimply add the agent to your java command line as follows:\n```\njava -classpath \u003cclass-path\u003e -javaagent:Log4jHotPatch.jar \u003cmain-class\u003e \u003carguments\u003e\n```\n\n### Testing the agent\nThere is a set of tests that can be run outside Gradle or Maven.\n```\nbuild-tools/bin/run_tests.sh Log4jHotPatch.jar \u003cJDK_ROOT\u003e\n```\n\n## Known issues\n\nIf you get an error like:\n```\nException in thread \"main\" com.sun.tools.attach.AttachNotSupportedException: The VM does not support the attach mechanism\n\tat jdk.attach/sun.tools.attach.HotSpotAttachProvider.testAttachable(HotSpotAttachProvider.java:153)\n\tat jdk.attach/sun.tools.attach.AttachProviderImpl.attachVirtualMachine(AttachProviderImpl.java:56)\n\tat jdk.attach/com.sun.tools.attach.VirtualMachine.attach(VirtualMachine.java:207)\n\tat Log4jHotPatch.loadInstrumentationAgent(Log4jHotPatch.java:115)\n\tat Log4jHotPatch.main(Log4jHotPatch.java:139)\n```\nthis means that your JVM is refusing any kind of help because it is running with `-XX:+DisableAttachMechanism`.\n\nIf you get an error like:\n```\ncom.sun.tools.attach.AttachNotSupportedException: Unable to open socket file: target process not 
responding or HotSpot VM not loaded\n\tat sun.tools.attach.LinuxVirtualMachine.\u003cinit\u003e(LinuxVirtualMachine.java:106)\n\tat sun.tools.attach.LinuxAttachProvider.attachVirtualMachine(LinuxAttachProvider.java:63)\n\tat com.sun.tools.attach.VirtualMachine.attach(VirtualMachine.java:208)\n\tat Log4jHotPatch.loadInstrumentationAgent(Log4jHotPatch.java:182)\n\tat Log4jHotPatch.main(Log4jHotPatch.java:259)\n```\nthis means you're running as a different user (including root) than the target JVM. JDK 8 can't handle patching as root user (and triggers a thread dump in the target JVM which is harmless). In JDK 11 patching a non-root process from a root process works just fine. \n\nIf you get an error like this in the target process:\n```\nException in thread \"Attach Listener\" java.lang.ExceptionInInitializerError\n        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n        at java.lang.reflect.Method.invoke(Method.java:498)\n        at sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:386)\n        at sun.instrument.InstrumentationImpl.loadClassAndCallAgentmain(InstrumentationImpl.java:411)\nCaused by: java.security.AccessControlException: access denied (\"java.util.PropertyPermission\" \"log4jFixerAgentVersion\" \"write\")\n        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)\n        at java.security.AccessController.checkPermission(AccessController.java:886)\n        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)\n        at java.lang.System.setProperty(System.java:794)\n        at Log4jHotPatch.\u003cclinit\u003e(Log4jHotPatch.java:66)\n```\nit means the target process has a security manager installed. 
Look for this command line option in the target process:\n```\n-Djava.security.policy=/local/apollo/.../apollo-security.policy\n```\nIf you encounter this error, make sure you are using the latest version of the tool.\n\n**Important:** If you attempted to patch as the wrong user, you may need to delete `.attach_pid\u003cpid\u003e` files (found in `/tmp` and/or the CWD of the VM process) before trying again. These files need to have the right ownership for attach to succeed.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcorretto%2Fhotpatch-for-apache-log4j2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcorretto%2Fhotpatch-for-apache-log4j2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcorretto%2Fhotpatch-for-apache-log4j2/lists"}