Possible Zero-day vulnerability: Log4j - "Log4Shell"

hexparrot / mineos-node

node.js implementation of mineos minecraft management

GNU General Public License v3.0

335 stars 170 forks source link

Possible Zero-day vulnerability: Log4j - "Log4Shell" #451

Open klingon00 opened 2 years ago

klingon00 commented 2 years ago

https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/

Vulnerability seems to impact all Minecraft Java edition servers.

In order to mitigate vulnerabilities, users should switch log4j2.formatMsgNoLookups to true by adding:"‐Dlog4j2.formatMsgNoLookups=True" to the JVM command for starting the application.

Can this be added in mineos-node servers by default?

flareofghast commented 2 years ago

update to 1.18.1 https://www.bleepingcomputer.com/news/security/minecraft-rushes-out-patch-for-critical-log4j-vulnerability/

If you are unable to do so you can add the argument to 'Additional Java arguments' box under Java Settings on the servers status page

thetruetype commented 2 years ago

How do I update the docker java version to 1.18?