Removal of JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use

Related tags

Security java minecraft security exploit log4j rce jndi log4j2 jndi-lookups
Overview

NukeJndiLookupFromLog4j

Removal of JndiLookup in now obsolete Minecraft versions, or versions that still have log4j < 2.10 and is unable to use -Dlog4j2.formatMsgNoLookups=true.

This is needed because of a major vulnerability introduced by the class' functionality, see more here: https://github.com/apache/logging-log4j2/pull/608

NOTE: This fixes BOTH CVE-2021-44228 / CVE-2021-45046 (A.K.A Log4Shell and an unnamed, but very similar exploit)

  • Java Application: resides in this repository (see releases), that removes JndiLookup.class from any log4j builds you feed via a GUI. Hard removal of the class on the server-side forcibly closing the vulnerability.

  • Forge Mod (CurseForge Link): A Minecraft mod developed for MinecraftForge for Minecraft versions 1.12.2 and lower, a softer, but hacky fix than the aforementioned method.

You might also like...

Messenger - A Java based project making use of Sockets for communication between the applications running on different JRE

Messenger - A Java based project making use of Sockets for communication between the applications running on different JRE. Multiple clients can connect at the same time and can send messages to each other, they also get the information of status of their friends connected to the server .

Jan 2, 2022

A Vaadin example application that use Firebase Authentication as its user database

Vaadin + Firebase Auth example A trivial example to use Firebase Authentication with a Vaadin application. The app is built based on start.vaadin.com

Mar 9, 2022

A injection client for Minecraft 1.8.9forge,forked and optimize on VapuLite

A injection client for Minecraft 1.8.9forge,forked and optimize on VapuLite

May 8, 2022

A simple HWID authentication system for your minecraft mod.

HWID-Authentication-System A simple HWID authentication system for your minecraft mod. This is a simple mod which can prevent unwanted users from runn

Dec 10, 2022

A simple HWID authentication system for your minecraft mod.

HWID-Authentication-System A simple HWID authentication system for your minecraft mod. This is a simple mod which can prevent unwanted users from runn

Dec 10, 2022

This is plugin for 1.17 Spigot/Bukkit Minecraft's servers.

This is plugin for 1.17 Spigot/Bukkit Minecraft's servers. This plugin fixes BowExploit(BowBomb) that found recently. Meteor Client developers released their fix, but the problem is that it fixes vanills arrow mechanics. Together I with https://github.com/l1tecorejz we made a plugin that fixes the exploit and doesn't

Jan 3, 2023

Open Source Identity and Access Management For Modern Applications and Services

Keycloak Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services. This repository contains the source

Jan 5, 2023

This application can recognize the sign language alphabets and help people who do not understand sign language to communicate with the speech and hearing impaired.

This application can recognize the sign language alphabets and help people who do not understand sign language to communicate with the speech and hearing impaired.

Sign Language Recognition App This application can recognize the sign language alphabets and help people who do not understand sign language to commun

Oct 7, 2021

JAP is an open source authentication middleware, it is highly decoupled from business code and has good modularity and flexiblity. Developers could integrate JAP into web applications effortlessly.

JAP is an open source authentication middleware, it is highly decoupled from business code and has good modularity and flexiblity. Developers could integrate JAP into web applications effortlessly.

🎨 JAP 是什么? JAP 是一款开源的登录中间件,基于模块化设计,并且与业务高度解耦,使用起来非常灵活,开发者可以毫不费力地将 JAP 集

Dec 1, 2022
Comments
  • small question

    small question

    what does this thing do other than deleting a file? ssorry, i don't really understand what's going on right now. besides can't we delete this file manually, by editing the jar?

    opened by Droid-Hai 15
  • Add support for 1.7.10

    Add support for 1.7.10

    This PR adds support for 1.7.10. The 'jar' task will generate a jar that supports both 1.7.10 and 1.12.2.

    I testd with forge 1.12.2-2847 and 1.7.10-1614

    opened by anatawa12 1
Releases(java_app)
Owner
THONK Monarchy
Our goal is to reach Loli Valhalla. 我們的目的是要到達蘿莉天堂。私たちの目標は、ロリヴァルハラに到達することです。
THONK Monarchy
GitHub
Fixes the log4j exploit from being sent to Minecraft clients.

⚠️ DEPRECATION ⚠️ Mojang has now released client updates, making this plugin obsolete. Make sure to fully restart your client. If you haven't already

Frank van der Heijden 42 Oct 25, 2022
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046

Log4j-HammerTime This Burp Suite Active Scanner extension validates exploitation of the Apache Log4j CVE-2021-44228 and CVE-2021-45046 vulnerabilities

DXC Technology - StrikeForce 8 Jan 8, 2022
LOG4J Java exploit - WAF and patches bypass tricks

?? Show your support - give a ⭐️ if you liked the content | SHARE on Twitter | Follow me on ??‍?? ✂️ ?? LOG4J Java exploit - WAF and patches bypass tr

Maciej Pulikowski 871 Jan 7, 2023
CVE-2021-44228 (Apache Log4j Remote Code Execution)

CVE-2021-44228 (Apache Log4j Remote Code Execution) all log4j-core versions >=2.0-beta9 and <=2.14.1 The version of 1.x has other vulnerabilities, it

Roxas77 10 Apr 23, 2022
A small and easy-to-use one-time password generator library for Java according to RFC 4226 (HOTP) and RFC 6238 (TOTP).

OTP-Java A small and easy-to-use one-time password generator for Java according to RFC 4226 (HOTP) and RFC 6238 (TOTP). Table of Contents Features Ins

Bastiaan Jansen 106 Dec 30, 2022
A small and easy-to-use one-time password generator library for Java according to RFC 4226 (HOTP) and RFC 6238 (TOTP).

OTP-Java A small and easy-to-use one-time password generator for Java according to RFC 4226 (HOTP) and RFC 6238 (TOTP). Table of Contents Features Ins

Bastiaan Jansen 106 Dec 30, 2022
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Dec 29, 2022
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Tink A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. Ubuntu

Google 12.9k Jan 3, 2023
Unofficial Clubhouse web app client. For personal use only. It's a personal open-source project and not affiliated with any company.

Purpose of this web app That's a personal project and not affiliated with any company. This is the web client app to make your Club House experience b

Sergei Ovchinnikov 45 Nov 15, 2022
Are you suffering from forgetting to do HoYoLAB check-in? Use this and be free from it!

GADC 가득 Auto Daily Check-in for Genshin Impact Are you suffering from forgetting to do HoYoLAB check-in? Use this and be free from it! 원신 일일 출첵 매일 까먹으

ForestHouse 2 Jul 11, 2022