Voldeloom uses xz-java to unpack the "binpatches.pack.lzma" file present in Forge 1.6 and 1.7. In other news, the xz maintainer has apparently just outed themself as the type to add backdoors into binaries: https://www.openwall.com/lists/oss-security/2024/03/29/4
note that xz-java is a separate project and I don't think it uses the native xz binaries... but still. They're under the same organization and the same author commits to both. Switching to another lzma decompressing solution might be a good idea.
Voldeloom uses
xz-java
to unpack the "binpatches.pack.lzma" file present in Forge 1.6 and 1.7. In other news, thexz
maintainer has apparently just outed themself as the type to add backdoors into binaries: https://www.openwall.com/lists/oss-security/2024/03/29/4note that xz-java is a separate project and I don't think it uses the native xz binaries... but still. They're under the same organization and the same author commits to both. Switching to another lzma decompressing solution might be a good idea.