2024-12-17 06:01:02|Myriagame |source:minecraft skins
Articles directory
Affecting scope inspection method Repairing method of the original client module loader The original service side of the third-party server temporary defense scheme Warning: Apache log4j2 remote codeExecuting vulnerabilities (CVE-2021-44228) is very serious.
This vulnerability may lead to serious threats to computer data security, so be sure to pay attention.
Vulnerability
The open source Java log frame Apache log4j2 was exposed to the existence of high -risk remote code execution vulnerabilities.Since most of the Java version uses the log framework, most Minecraft players may be attacked due to the vulnerability.
Vulnerability Harm
The attacker can use the vulnerability to execute any command on the player's computer without authorization, including malicious orders such as downloading viruses, occupying system resources, and stealing privacy.Due to the wide range of vulnerabilities and the extremely low threshold for utilization, it will bring players very high safety hazards.
Influence
Note: Only the affected MINECRAFT game version is listed here.In fact, all programs that use this log framework are affected by this vulnerability.
Java version 1.7.2 (13W39A) to Java version 1.18 (1.18.1-RC2) client and server, including: including:
The original client and server -side client and server client and server PAPER, SPIGOT and other third -party server -ends other qualified Java version of the JAVA version of the client and server.
The following version is not affected:
The Java version (all versions) Java version 1.6.4 (13W38C) and the following versions of the Java version 1.18.1 (1.18.1-RC3) and above The BUNGEECORD server test method can check the .minecraft/Assets/log_configs Whether the files below are consistent with the latest version provided by Mojang.13W39A to 17W14A: Client -.7.xml 17W15A to 1.18.1-RC2: Client-12.XML The original client official startup to close the game, restart the startup startupInstrument.When starting the game, the restored version will be downloaded automatically.The third -party promoter shuts down the game, updates the launcher to the latest version, and pays attention to whether it is repaired in the update log to repair this vulnerability.If not, please refer to the#temporary defense plan.Third -party starters such as PCL, HMCL, BAKAXL, etc. have all made an emergency update of this vulnerability. If you are using these starters, please upgrade to the latest version as soon as possible.The module loader Fabric has updated the Fabric Loader to a version 0.12.9 and above.FORGEFORGE states that its multiple versions have contained emergency updates for this log4j vulnerability. The recommended version: 1.18-38.0.1717.17.1.1.16.5-36.2.2015.2-31.2.14.2.241.13.2-25.0.2211.2.2-14.23.5.28561.12.2 and 1.16.5 can try to install this repair MOD for repair.Since most other module loaders have stopped, they are no longer safe. Please repair the starter, or refer to the#temporary defense scheme repair.The original service side 1.18 closed the server, upgraded to 1.18.1, or was repaired according to 1.17.1.17 Close the server, add JVM parameters to the starting script: -dlog4j2.Formatmsgnolookups = True 1.12 to 1.16.5 Close the server, download LOG4J2_112-116.xml Working path.Then add JVM parameters to the start script: -dlog4j.configurationFile = log4j2_112-116.xml 1.7 to 1.11.2 Close the server, download LOG4J2_17-17ML Working path.Then add the JVM parameter to the starting script: -dlog4j.configurationFile = log4j2_17-111.xml The third-party server side Paper, Waterfall, Velocity, Spigot, etc., please close the service side., Update to the latest version.BUNGEECORD is not affected and does not need to operate.Please close the server first.Update the server to the latest version, and pay attention to whether this vulnerability is repaired in the update log.If not, please refer to the#temporary defense plan.Temporary defense schemes are only applicable to clients or servers that use LOG4J 2.10.0 and above versions.The Java version 1.17-PRE1 and above uses log4j 2.14.1, so the following methods can be used.
Add JVM parameters: -dlog4j2.formatmsgnolookups = true .Set the system environment variable log4j_format_msg_no_lookups to True .
13W39A to 17W14A (using LOG4J 2.0-Beta9) and 17W15A to 21W20A (using log4j 2.8.1) cannot use the above methods.
Source: Chinese Minecraftwiki
National Service DNF Dark Ni
2025-01-28 09:19:27
The new screenshot of the be
2025-01-28 09:18:57
The 15th anniversary wallpap
2025-01-28 09:18:27
3DM Xuanyuan Sinicization Gr
2025-01-28 09:17:57
French magazine is the first
2025-01-28 09:17:27
The sneak game "Republic" wi
2025-01-28 09:16:57
The story between humans and
2025-01-28 09:16:27
Capture "Trinity 3: Artifact
2025-01-28 09:15:27
Wind direction change "Myste
2025-01-28 09:14:57
DICE's new project "Dream" w
2025-01-28 09:14:27
Pirate Minecraft Skins
Minecraft Skins
2024-12-10 04:11:27
Pirate Minecraft Skins
Minecraft Skins
2024-12-10 04:11:26
Master Minecraft Skins
Minecraft Skins
2024-12-10 04:11:25
King Minecraft Skins
Minecraft Skins
2024-12-10 04:11:25
Guide Minecraft Skins
Minecraft Skins
2024-12-10 04:11:24
Dark Knight Minecraft Skins
Minecraft Skins
2024-12-10 04:11:23
Sparta Minecraft Skins
Minecraft Skins
2024-12-10 04:11:23
Moncraft Skins of the War
Minecraft Skins
2024-12-10 04:11:22
Red Witch Minecraft Skins
Minecraft Skins
2024-12-10 04:11:22
Golden Cavaliers Minecraft S
Minecraft Skins
2024-12-10 04:11:22