Possible Zero-day vulnerability: Log4j - "Log4Shell"
Opened this issue · 2 comments
klingon00 commented
Vulnerability seems to impact all Minecraft Java edition servers.
In order to mitigate vulnerabilities, users should switch log4j2.formatMsgNoLookups to true by adding:"‐Dlog4j2.formatMsgNoLookups=True" to the JVM command for starting the application.
Can this be added in mineos-node servers by default?
flareofghast commented
update to 1.18.1
https://www.bleepingcomputer.com/news/security/minecraft-rushes-out-patch-for-critical-log4j-vulnerability/
If you are unable to do so you can add the argument to 'Additional Java arguments' box under Java Settings on the servers status page
thetruetype commented
How do I update the docker java version to 1.18?