Mirrors/docker-minecraft-server
2
0
Fork 0
mirror of https://github.com/itzg/docker-minecraft-server synced 2024-11-10 14:24:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix: log4j patch being applied to <1.7 versions (#1183)

Browse source 
As described in https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition,
versions below 1.7 are not affected by the log4j exploit. They should therefore not use any mitigations.

See #1179 discussion after merge.

Reported-and-tested-by: Daniel Porter "Stealthii" <dan.porter@rehabstudio.com>
This commit is contained in:
Levy Ehrstein 2021-12-11 18:33:44 +01:00 committed by GitHub
parent 3bb21d8581
commit e66b2eda60
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
scripts/start-finalExec
View file

@ -96,7 +96,10 @@ patchLog4jConfig() {
}
# Patch Log4j remote code execution vulnerability
if isFamily VANILLA && versionLessThan 1.12; then
# See https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition
if versionLessThan 1.7; then
: # No patch required here.
elif isFamily VANILLA && versionLessThan 1.12; then
patchLog4jConfig log4j2_17-111.xml https://launcher.mojang.com/v1/objects/dd2b723346a8dcd48e7f4d245f6bf09e98db9696/log4j2_17-111.xml
elif isFamily VANILLA && versionLessThan 1.17; then
patchLog4jConfig log4j2_112-116.xml https://launcher.mojang.com/v1/objects/02937d122c86ce73319ef9975b58896fc1b491d1/log4j2_112-116.xml