your current location:首页 > news>log4j2 jn di exploit fix minecraft

log4j2 jn di exploit fix minecraft

2024-12-12 09:31:52|Myriagame |source:minecraft skins

Overview

This is a Fabric and FORGE module on the client and server, which is used to repair the Apache Log4J remote code execution vulnerabilities that appeared on December 10, 2021 may cause game crash, stop or remote code execution in some cases.

If you can, please update the module loader to the following version instead of using this module:

Fabric Loader 0.12.12+ is suitable for all Fabric versions;

Forge 1.18.1-39.0.0+ suitable for Minecraft 1.18.1;

Forge 1.18-38.0.17+ suitable for Minecraft 1.18;

Forge 1.17.1-37.1.1+ suitable for Minecraft 1.17.1;

Forge 1.16.5-36.2.20+ suitable for Minecraft 1.16.5;

Forge 1.15.2-31.2.56+ suitable for Minecraft 1.15.2;

Forge 1.14.4-28.25+ suitable for Minecraft 1.14.4;

Forge 1.13.2-25.0.222+ suitable for Minecraft 1.13.2;

Forge 1.12.2-14.23.5.2857+ suitable for Minecraft 1.12.2.

If you want to play in the above list, it is a MC version of 1.7 or more; or if you want to use the module that is incompatible with the above module loader version, installing this module is a good choice.

This module works by remotely searching for a large problem with a large problem, otherwise this function will not be used.If anyone can send malicious chat or disconnecting the connection message, use the error frame data package or other forms of activities. These activities involve the output of the logs controlled by the user control to use the vulnerability.Because clients and servers record logs, they are also facing risks.

Minecraft official lators, CurseForge startups and Fabric module loaders solve this problem in their programs, but when writing this article, the server and some old versions still have vulnerabilities.

The client and server that has been repaired currently, so the MOD is not required:

The latest original client;

The client or server of the latest Fabric module loader (Fabric Loader 0.12.12+);

The client and server of the latest Forge 1.12.2 module loader;

1.18.1-RC3 client and server;

Manually disable any client and server of log4j.

At present, there may be vulnerabilities servers and clients, so the MOD is required:

As early as 1.18.1-RC3, the original server of the disabled LOG4J of LOG4J;

Over -out Fabric or Forge server;

Over -out Fabric or Forge client;

Earlier than 1.12.x Forge module loader client or server.

The following behavior is not compatible with the module:

Use FORGE 1.17+ and Java/JVM parameters -DLOG4J2.FormatMSGNOLOOKUPS = TRUE (only applicable to 1.17+!)

Use the 0.12.10+ Fabric module loader, because it has similar repair, please use the Fabric module loader 0.12.12 instead of this MOD.

Even if it is not compatible with the above, it is not necessary, and it should not be harmful to use the module.It performs a small disposable operation at the beginning to delete the excess but available JNDI search mechanism.

The author cannot guarantee that the module will definitely repair the vulnerability, but it plays a role at the basic level.It does not stop using messages to traverse the server to other clients.

more news

MORE +
Hot news MORE +
Minecraft Skins MORE +