Skip to content

Selection of ways to remove JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use `-Dlog4j2.formatMsgNoLookups=true`

Notifications You must be signed in to change notification settings

LoliKingdom/NukeJndiLookupFromLog4j

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 

Repository files navigation

NukeJndiLookupFromLog4j

Removal of JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use -Dlog4j2.formatMsgNoLookups=true.

This is needed because of a major vulnerability introduced by the class' functionality, see more here: apache/logging-log4j2#608

NOTE: This fixes BOTH CVE-2021-44228 / CVE-2021-45046 (A.K.A Log4Shell and an unnamed, but very similar exploit)

  • Java Application: resides in this repository (see releases), that removes JndiLookup.class from any log4j builds you feed via a GUI. Hard removal of the class on the server-side forcibly closing the vulnerability.

  • Forge Mod (CurseForge Link): A Minecraft mod developed for MinecraftForge for Minecraft versions 1.12.2 and lower, a softer, but hacky fix than the aforementioned method.

About

Selection of ways to remove JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use `-Dlog4j2.formatMsgNoLookups=true`

Topics

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages