Download Log4J2 JNDI Exploit Fix — Minecraft Mods — MetaMods

Log4J2 JNDI Exploit Fix

Active | Downloads: 0 | Last update: 3 years ago | Client, Utils

Log4J2 JNDI Exploit Fix — Protection Against Critical Vulnerability

Log4J2 JNDI Exploit Fix is a compact solution for both game client and server, compatible with Fabric and Forge platforms. Its primary purpose is to address a critical vulnerability in Log4J2 discovered in December 2021, which could potentially lead to crashes, freezes, or even remote code execution.

Recommended Alternatives

Instead of installing this mod, it's preferable to update your mod loader to the following versions (when available):

  • Fabric Loader 0.12.12+ for all Minecraft versions
  • Forge 1.18.1-39.0.0+ for Minecraft 1.18.1
  • Forge 1.18-38.0.17+ for Minecraft 1.18
  • Forge 1.17.1-37.1.1+ for Minecraft 1.17.1
  • Forge 1.16.5-36.2.20+ for Minecraft 1.16.5
  • Forge 1.15.2-31.2.56+ for Minecraft 1.15.2
  • Forge 1.14.4-28.2.25+ for Minecraft 1.14.4
  • Forge 1.13.2-25.0.222+ for Minecraft 1.13.2
  • Forge 1.12.2-14.23.5.2857+ for Minecraft 1.12.2

When to Use This Mod

Log4J2 JNDI Exploit Fix becomes the optimal choice when you're using Minecraft versions from 1.7 to 1.18 that aren't listed above, or when essential mods are incompatible with updated loader versions.

How It Works

The mod solves the problem by disabling a dangerous remote content lookup feature of the logging system that isn't used under normal conditions. Without such protection, malicious actors can trigger the lookup through anything that writes user-controlled content to the log, such as harmful chat messages or specially crafted disconnect packets. Since both client and server perform logging, both sides are equally at risk.

Current Security Status

Minecraft, CurseForge, and Fabric Loader developers have already implemented protective measures in their launchers, but some servers and older versions remained vulnerable at the time this description was written.

Vulnerable Systems Needing Protection

  • Unprotected Vanilla servers below version 1.18.1-rc3
  • Outdated Fabric or Forge servers
  • Outdated Fabric or Forge clients
  • Forge clients and servers below version 1.12

Systems with Built-in Protection (Don't Require the Mod)

  • Official Vanilla client
  • Updated Fabric clients and servers (Fabric Loader 0.12.12+)
  • Updated Forge clients and servers, version 1.12+
  • Clients and servers of version 1.18.1-rc3+
  • Any clients and servers manually protected according to Minecraft's official recommendations

Important Compatibility Restrictions

The mod is incompatible with:

  • Forge 1.17+, because of module encapsulation features. Instead of installing the mod, use the JVM argument: -Dlog4j2.formatMsgNoLookups=true (works only for versions 1.17+!)
  • Fabric with Loader 0.12.10+, since this version already includes a similar fix. Instead of the mod, it's recommended to use Fabric Loader 0.12.12
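
The choice between updating the loader, adding the JVM argument, and installing the mod can be checked per installation. The script below is an added example, not code from the mod or its authors; it encodes the minimum versions and incompatibilities listed on this page, and the function name `advise` and its return labels are assumptions made for the example.

```python
# Added example. Minimum patched versions are copied from the list on this page.
FORGE_MIN = {
    "1.18.1": "39.0.0", "1.18": "38.0.17", "1.17.1": "37.1.1",
    "1.16.5": "36.2.20", "1.15.2": "31.2.56", "1.14.4": "28.2.25",
    "1.13.2": "25.0.222", "1.12.2": "14.23.5.2857",
}
FABRIC_MIN = "0.12.12"           # patched Fabric Loader, all Minecraft versions
FABRIC_MOD_CONFLICT = "0.12.10"  # the mod is incompatible from this loader on
JVM_FLAG = "-Dlog4j2.formatMsgNoLookups=true"


def ver(s):
    """Turn '36.2.20' into (36, 2, 20) so versions compare numerically."""
    return tuple(int(part) for part in s.split("."))


def advise(loader, mc, loader_version, jvm_args=()):
    """Return the mitigation this page recommends (labels are hypothetical)."""
    if loader == "fabric":
        if ver(loader_version) >= ver(FABRIC_MIN):
            return "patched"
        if ver(loader_version) >= ver(FABRIC_MOD_CONFLICT):
            return "update-loader"  # mod conflicts with 0.12.10+
        return "update-loader-or-install-mod"
    if loader == "forge":
        minimum = FORGE_MIN.get(mc)
        if minimum and ver(loader_version) >= ver(minimum):
            return "patched"
        if ver(mc) >= ver("1.17"):
            # The mod is incompatible with Forge 1.17+; the page gives the flag.
            if JVM_FLAG in jvm_args:
                return "jvm-flag-set"
            return "update-loader-or-add-jvm-flag"
        return "update-loader-or-install-mod" if minimum else "install-mod"
    raise ValueError(f"unknown loader: {loader}")


if __name__ == "__main__":
    # Constructed sample installations, not taken from any real server.
    samples = [
        ("forge", "1.16.5", "36.2.19", []),
        ("forge", "1.17.1", "37.0.0", ["-Xmx4G", JVM_FLAG]),
        ("forge", "1.7.10", "10.13.4.1614", []),
        ("fabric", "1.16.5", "0.12.11", []),
    ]
    for loader, mc, lv, args in samples:
        print(f"{loader} {mc} loader {lv}: {advise(loader, mc, lv, args)}")
```

Pass the Forge build number without the Minecraft prefix, for example `36.2.20` rather than `1.16.5-36.2.20`.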

Installation Safety

Installing the mod won't cause harm even in cases where it's not strictly necessary (except for the incompatibilities mentioned above). During startup, it performs a minimal one-time operation to remove the redundant but potentially dangerous JNDI lookup mechanism.

Important Note

While the mod operates at a fundamental level, there's no 100% guarantee of completely eliminating the vulnerability. It's also important to understand that it doesn't block the transmission of malicious messages between server and clients. Regularly check community and Minecraft sources to confirm your security measures are adequate.

Project members
sfPlayer1
modmuss50

Created: 10 Dec 2021

ID: 78379