Technic News

Log4j vulnerability fixed in launcher build 707

The log4j vulnerability has been fixed in the latest build of the launcher (707). Just restart it and you'll be updated automatically.

It's incredibly important that you get this update. With this update you'll be safe again.

So what did we do? Well, it depends on the MC version.

  • log4j 2.0-beta9 gets replaced with a patched version (2.0-beta9-fixed) (MC >= 1.7 < 1.12)
  • Any other log4j version gets upgraded to 2.15.0, the one that isn't vulnerable (MC >= 1.12)
  • -Dlog4j2.formatMsgNoLookups=true flag was removed, since it wasn't needed anymore

If you run the ${date:YYYY} test on this, you'll get the 2021 text. However, if you try the actual vulnerability (the JNDI one), it won't be parsed.

Thanks for the patience and have fun!

Comments

You must be logged in to comment. Click here to register a new account or log in.
💯
xJon 1 month ago
Pog
Mineordan12 1 month ago
Thanks! ♥
Pikachu298 1 month ago
it wont let me play with my friends at all so my friends are getting worried
ddddddddddd
please help me
help me it wont work and someone is hurting me
help me
help me
help me
help me please im losing my mind
help me
help me my game always crashes
help
help
can i have help