New security issue with MC servers and clients.

[UbiOne]

Hi! There is a new issue going on with the Minecraft Servers and Clients.

I just wanted to share it here cause its very important.

Im lazy, so i just copy a post from the shaderLABS Discord to here with the most information included.

 

- It allows hackers to execute harmful code (A.K.A run their own program, for example a virus) by sending a chat message in multiplayer.

- It affects Minecraft versions from 1.7 to present.

- If you play singleplayer you are safe, but don't start (or connect to) any LAN servers unless you have followed the instructions below.

- The latest Paper and Fabric builds have built-in fixes. Forge has not yet added a fix for this, but the manual fix (below) will work on forge too. - Mojang has yet to comment or acknowledge the bug. It's hours old at this current point.

 

For players: Do not join any servers unless you have the latest fabric, or you have done the fix (documented lower down).

For server owners: Immediately enable whitelist and add the java argument to launch, or if you're on paper, downloaded the most recent release.

 

Instructions for how to secure yourself

1. Disconnect from any multiplayer servers and close Minecraft.

2. Open your Minecraft Launcher and go to the Installations tab.

3. For every installation you use, do the following:

4. Select it, and click on the "More Options" dropdown.

5. Scroll down to the "JVM Arguments" textbox.

6. At the beginning of the text, add the following exactly: -Dlog4j2.formatMsgNoLookups=true . See screenshot for example.

7. Repeat for every installation you wish to use.

 

Server Owners

1. Stop your server.

2. Edit your launch arguments to include -Dlog4j2.formatMsgNoLookups=true.

3. Relaunch your server. You are now safe from this exploit. Alternatively, use the latest fabric or paper server builds, which include the fix as well.

 

As i know, Minehut already patched this on thier servers, but your clients are remain unsafe for now.

More information about Minehut doing things about the bug: https://twitter.com/minehut

[_Tarna_]

looks like it was kinda fixed

https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition

 

[pnguin]

So fun that i cant chat or message my friends  

[EmptyRooms_]

The thing is they added a patch 1.18.1 but i cant enter it it says i need to update my hard drive but its a windows 7 its really old in fact no updates have been given since the end of 2020 so i cant

[AgentGamerPro]

11 hours ago, EmptyRooms_ said:

The thing is they added a patch 1.18.1 but i cant enter it it says i need to update my hard drive but its a windows 7 its really old in fact no updates have been given since the end of 2020 so i cant

thats sadge. Best thing you could do is download a virtualbox and play the patch there.

[pnguin]

Do i have to rlly update my server to 1.18.1? 

[AgentGamerPro]

11 hours ago, skPolar said:

Do i have to rlly update my server to 1.18.1? 

Important Message: Security vulnerability in Java Edition | Minecraft

If youre using 1.17, probably not