Updating security to the Java version "Minecraft", dealing with extremely dangerous "Log4J" vulnerabilities
Information on measures if you cannot upgrade to the latest version
Mojangの公式TwitterアカウントMojang, a subsidiary of Microsoft, is the latest version of "Minecraft: Java Edition" on December 10 (local time).18.1 was released.It is a security update that has been dealing with the vulnerability (CVE-2021-44228) discovered in the logging library "Apache Log4J", and needs an immediate update.
The "CVE-2021-44228" (commonly known as Log4shell) is an extremely fatal vulnerability that allows you to execute any code from remote just by sending a specific request."CVSS 3.The basic value of "0" is the highest "10.0 ".In addition to "minecraft", it has a wide effect on Java solutions (apps, games, cloud services, etc.) that adopt "LOG4J".
If you play "Minecraft: Java Edition" and do not host your server, you will end all the "Minecraft Launcher" and start "Minecraft Launcher" again to automatically apply the patch.。
However, remodeled clients and third -party launchers may not be updated automatically.In that case, follow the developer's guidance.If you keep using it unpleasant, the user will take risks.
If you are hosting the "Minecraft: Java Edition" server, the following measures are recommended.
1.16.If you are using an old version of 5 or earlier, you need to download the XML format configuration file provided on the official blog, place it in the server working directory, and load it when starting up.Also, 1.The version less than 7 is not affected by the vulnerability.