The goal of this project is to provide Minecraft players, and server owners, peace of mind in regards to the recently discovered Log4J exploit (CVE-2021-44228).
Currently this project looks for any Log4J format strings, not just jndi, and either replaces them or stops them from being logged entirely depending on your configuration.
See features, supported platforms, and more below.
I would much appreciate any help from others, whether it be by contributing or by suggesting features, platforms, etc. via an issue.
- Spigot/Bukkit (Tested Spigot 1.8.9, 1.12.2)
- Bungeecord (Tested Waterfall)
- Velocity
- Sponge
- Forge (I know it should be fixed, but people keep asking me to make a mod anyways)
- Vanilla/All Clients via Java Agent
- Chat & Command filter
- Item Name filter
- Player username filter (for offline/bungee servers) (Yes, usernames can be Log4J formats)
- Mob name filter (Spawning & Renaming)
- Chat & Command filter
- Player username filter (Yes, usernames can be Log4J formats)
- Customizable messages
- Toggles for all listeners, individual for each platform
Specifics need to be filled in