Technic News

Log4j vulnerability fixed in launcher build 707

The log4j vulnerability has been fixed in the latest build of the launcher (707). Just restart it and you'll be updated automatically.

It's incredibly important that you get this update. With this update you'll be safe again.

So what did we do? Well, it depends on the MC version.

  • log4j 2.0-beta9 gets replaced with a patched version (2.0-beta9-fixed) (MC >= 1.7 < 1.12)
  • Any other log4j version gets upgraded to 2.15.0, the one that isn't vulnerable (MC >= 1.12)
  • -Dlog4j2.formatMsgNoLookups=true flag was removed, since it wasn't needed anymore

If you run the ${date:YYYY} test on this, you'll get the 2021 text. However, if you try the actual vulnerability (the JNDI one), it won't be parsed.

Thanks for the patience and have fun!

Comments

You must be logged in to comment. Click here to register a new account or log in.
Thanks! ♥
Pikachu298 2 years ago
Pog
Mineordan12 2 years ago
💯
xJon 2 years ago