console Posted December 12, 2021 Share Posted December 12, 2021 (edited) Do you guys use log4j in any of the server/client code? There is a Vulnerability that allows remote code execution within the log4j package within java versions 2.0 - 2.14.1 I have attempted to ask in discord but do not get any response. To give an idea of the seriousness of this issue, minecraft was vulnerable to this via the chat system. To mitigate on servers before a patch is released add the following JVM arguments to your startup command line: -Dlog4j2.formatMsgNoLookups=true Edited December 12, 2021 by console Link to comment Share on other sites More sharing options...
Kirrus Posted December 12, 2021 Share Posted December 12, 2021 The game does not use log4j console 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now