Critical security vulnerability in Log4j
Kron4ek opened this issue · 1 comments
Recently a critical security vulnerability that allows remote code execution was discovered in the Log4j library (see CVE-2021-44228). Minecraft is affected since it uses this library.
Vortex Minecraft Launcher does not include a fix for this vulnerability yet (fixed in version 1.1.17), all Minecraft versions (including latest 1.18.1 i believe) that you run using it are affected.
To avoid being hacked, do not play multiplayer on any public Minecraft servers until i release a new launcher version. Or use a different launcher that is not affected (for example, MultiMC).
It is important to note that singleplayer is safe to play. Playing multiplayer on private servers that have limited access only to your friends is also safe (if you trust your friends, of course).
New launcher version is out, the vulnerability has been fixed.