Log4j vulnerability mitigated on JDRGaming Minecraft server
- Saturday, December 11 2021 @ 06:40 AM PST
- Contributed by: Jeff Rivett (site admin)
- Views: 1,661
There's a nasty vulnerability in the Log4j library used in thousands of Java applications, including Minecraft.
The JDRGaming Minecraft server is actually running Spigot, which is basically Minecraft plus some improvements. It's running Spigot version 1.17.1, which contains the Log4j vulnerability.
Minecraft 1.18.1 includes a fix for this vulnerability. If you haven't already, you should update your Minecraft client to 1.18.1. Run the launcher and it should install the new version automatically.
However, you won't be able to play on the JDRGaming server with a Minecraft 1.18.1 client. To do that, you'll have to create a special install of the Minecraft 1.17.1 client. The Minecraft launcher allows you to install multiple parallel client installations.
You can safely join the JDRGaming Minecraft server with your Minecraft 1.17.1 client, even though the server is currently running the vulnerable Spigot 1.17.1, because the server is now being run with a special option that mitigates (i.e. negates) the vulnerability.
The JDRGaming Minecraft server will be upgraded to Spigot 1.18.1 soon after it becomes available.