Possible Zero-day vulnerability: Log4j - "Log4Shell"

Question

Possible Zero-day vulnerability: Log4j - "Log4Shell"

Opened this issue 3 years ago · 2 comments

https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/

Vulnerability seems to impact all Minecraft Java edition servers.

In order to mitigate vulnerabilities, users should switch log4j2.formatMsgNoLookups to true by adding:"‐Dlog4j2.formatMsgNoLookups=True" to the JVM command for starting the application.

Can this be added in mineos-node servers by default?

Answer 1 · 2021-12-10T21:10:01.000Z

update to 1.18.1
https://www.bleepingcomputer.com/news/security/minecraft-rushes-out-patch-for-critical-log4j-vulnerability/

If you are unable to do so you can add the argument to 'Additional Java arguments' box under Java Settings on the servers status page

Answer 2 · 2022-05-01T20:44:28.000Z

How do I update the docker java version to 1.18?