fr1kin / ForgeHax

A Minecraft cheat that runs as a Forge mod
MIT License

Vulnerable Log4j version after building. #458

Open Floppaging opened 4 months ago

Floppaging commented 4 months ago

In the screenshot you can see that the log.txt file from "ForgeHax-1.16.5-3.3.1\build\reobfJar\log.txt" shows that ForgeHax is built using a vulnerable Log4j version, namely "log4j-core-2.11.2.jar".

[screenshot: build log listing log4j-core-2.11.2.jar]

Source: "https://logging.apache.org/log4j/2.x/security.html"

What do you guys think about this? Is the version being old not a problem, since Forge has "patched" Log4j on its own in versions newer than 36.2.20 (for 1.16.5)? I personally updated Log4j to a newer version.

fr1kin commented 4 months ago

ForgeHax uses whatever version of Log4j Minecraft and Forge use. There is not much I can do about that; hopefully Forge has dealt with the issue. Also, there is a Java parameter you can add that will disable the cause of the exploit. I forget what it is, though.

marpisco commented 4 months ago

> there is a java parameter you can add that will disable the cause of the exploit.

log4j2.formatMsgNoLookups=true or set the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true
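The thread leaves the practical question open: given a `log4j-core-<version>.jar` that a Forge build pulled in, is it actually exposed to the JNDI lookup issue (CVE-2021-44228), and does the `log4j2.formatMsgNoLookups` flag even apply to that version? The following is an added example, not ForgeHax or Apache code, that triages a jar offline. It reads the version from the jar filename (the same naming the build log shows), checks whether `JndiLookup.class` is still inside the jar, and reports whether the flag applies. Two facts it relies on: the `log4j2.formatMsgNoLookups` property only exists from Log4j 2.10.0 onward, and Apache's mitigation for older 2.x releases is to delete `org/apache/logging/log4j/core/lookup/JndiLookup.class` from the jar. The jars it inspects are constructed stand-ins built in memory (placeholder class bytes, not real Log4j), and `strip_jndi_lookup` is a helper written for this example.

```python
import io
import re
import zipfile

# Class whose presence enables the JNDI lookup behind CVE-2021-44228.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Matches the filename form seen in the build log, e.g. log4j-core-2.11.2.jar
# (pre-release names such as 2.0-beta9 are deliberately not handled here).
VERSION_RE = re.compile(r"log4j-core-(\d+)\.(\d+)\.(\d+)\.jar$")

# Java 6/7 backport releases that Apache shipped with the JNDI issue fixed
# without moving to 2.16.0 or later.
BACKPORT_FIXED = {(2, 3, 1), (2, 12, 2), (2, 12, 3)}


def parse_version(jar_name):
    """Return (major, minor, patch) from a log4j-core jar filename, or None."""
    m = VERSION_RE.search(jar_name)
    return tuple(int(x) for x in m.groups()) if m else None


def jndi_lookup_present(jar_bytes):
    """True if the jar still ships JndiLookup.class."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return JNDI_LOOKUP in zf.namelist()


def assess(jar_name, jar_bytes):
    """Triage one log4j-core jar: exposure, whether the JVM flag applies, advice."""
    ver = parse_version(jar_name)
    if ver is None:
        raise ValueError(f"not a log4j-core jar name: {jar_name}")
    has_jndi = jndi_lookup_present(jar_bytes)
    # CVE-2021-44228 affects 2.0-beta9 through 2.14.1, minus the backport fixes.
    vuln_range = (2, 0, 0) <= ver <= (2, 14, 1) and ver not in BACKPORT_FIXED
    # log4j2.formatMsgNoLookups / LOG4J_FORMAT_MSG_NO_LOOKUPS exists from 2.10.0;
    # 2.15.0 already disables message lookups by default and 2.16.0 removes them.
    flag_applies = (2, 10, 0) <= ver <= (2, 14, 1)
    exposed = vuln_range and has_jndi
    if not vuln_range:
        advice = "version not affected by CVE-2021-44228"
    elif not has_jndi:
        advice = "JndiLookup.class already stripped; upgrade when possible"
    elif flag_applies:
        # The flag is a stopgap: it does not cover every configuration
        # (see CVE-2021-45046), so upgrading or stripping the class is preferred.
        advice = "set -Dlog4j2.formatMsgNoLookups=true as a stopgap; upgrade to 2.16.0+"
    else:
        advice = "flag unavailable before 2.10.0; strip JndiLookup.class or upgrade"
    return {"version": ver, "jndi_lookup_present": has_jndi,
            "exposed": exposed, "flag_applies": flag_applies, "advice": advice}


def build_fake_jar(with_jndi):
    """Constructed stand-in for a log4j-core jar (placeholder bytes, not real Log4j)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")
        if with_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def strip_jndi_lookup(jar_bytes):
    """Rewrite the jar without JndiLookup.class, the same effect as
    `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class`."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if info.filename != JNDI_LOOKUP:
                dst.writestr(info, src.read(info.filename))
    return out.getvalue()


def main():
    name = "log4j-core-2.11.2.jar"  # the version reported in the issue's build log
    jar = build_fake_jar(with_jndi=True)
    print(name, assess(name, jar))
    print(name, "(stripped)", assess(name, strip_jndi_lookup(jar)))
    print("log4j-core-2.17.1.jar", assess("log4j-core-2.17.1.jar", build_fake_jar(with_jndi=False)))


if __name__ == "__main__":
    main()
```

Run against a real build, the loop in `main` would iterate over `find build -name 'log4j-core-*.jar'` and pass each file's bytes to `assess`. For 2.11.2, the version from the issue, the flag applies, but the stripped-jar or upgraded-version result is the one to aim for.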