![]() ![]() ![]() Mojang have released manifest updates for their launcher, so as long as you have the latest version of the launcher and restart it, your client should be automatically patched. When we refer to the "server", we'll talking about how you run the Minecraft server jar, such as through a hosting provider such as ourselves. When we refer to the "client", we're talking about how you run Minecraft on your own computer, through the Official Minecraft launcher or other launcher. There are different things needed between the server and client, so we'll cover both here. There are a few things that you can do to ensure you are protected from this exploit. We will continue to monitor the situation and implement any necessary patches to keep our customers and community safe. It's likely we'll be seeing more CVEs related to Log4j over the coming days and weeks, as the security community reviews its codebase and changes. At this time, there is no evidence to suggest that this CVE impacts Minecraft, but the patches we have implemented (as described below) for all Nodecraft customers would prevent the issue either way. Update: As of December 14th, a second CVE ( CVE 2021-45046) was published for an updated version of Lof4j that was released to fix the first issue. It's the second part that makes this such a serious issue, and why many public servers were shut down yesterday to ensure the safety of their players. Essentially though, with the right set of circumstances, this vulnerability allows a malicious actor to at a minimum lock up and/or crash your server, kicking all players, and at worst, execute arbitrary code both on the server and any unpatched connected clients (known as an RCE). Exploit Detailsįor those more technically inclined, you can find full information about this vulnerability in the linked CVE. You can find some more information in the detailed blog post over on. Unfortunately, the severity of this exploit makes it really important for us to bring your attention to it, and provide steps so that you can protect yourself and your players. ![]() This week, an exploit has been found in a very popular logging library Log4j 2, used by many Java applications including Minecraft.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |