Skip to content

AzisabaNetwork/Log4j2Fix

Folders and files

NameName
Last commit message
Last commit date

Latest commit

d4e60de · Dec 21, 2021

History

14 Commits
Dec 21, 2021
Dec 10, 2021
Dec 10, 2021
Dec 21, 2021
Dec 10, 2021
Dec 21, 2021

Repository files navigation

Log4j2Fix

This program fixes remote code execution vulnerability in log4j2 (v2.0.0 - v2.14.1).

Usage

This program can be used as wrapper for another jar file:

java -javaagent:Log4j2Fix-1.0.0.jar ... or java -jar Log4j2Fix-1.0.0.jar another-jar-file.jar [main class if MANIFEST.MF does not have Main-Class attribute] [arguments]

(例) java -javaagent:Log4j2Fix-1.0.3.jar -jar paper-1.15.2.jar もしくは java -jar Log4j2Fix-1.0.3.jar paper-1.15.2.jar

Note

  • This does not protect from ldap server hosted by localhost (127.0.0.1)
  • If installed on server, it does not protect client from being abused. To protect the client, you would need a different solution such as blocking a malicious packet.
  • If installed on Minecraft server, you can protect the client by doing these additionally:
    • (Cancel malicious ChatEvent on BungeeCord)
    • Using SpigotLog4j2Fix on Spigot/Paper
    • Cancel outbound packet that contains malicious string
  • Or alternatively, you can upgrade log4j2 to 2.17.0.

About

Fix for log4j2

Resources

License

MIT, Apache-2.0 licenses found

Licenses found

MIT
LICENSE
Apache-2.0
log4j2-LICENSE.txt

Stars

Watchers

Forks

Packages

No packages published

Languages