Portal Home Announcements Minecraft Exploit Discovered

Minecraft Exploit Discovered

  • Friday, 10th December, 2021
  • 17:00pm

A really bad exploit has been found on all Minecraft servers! Update your Spigot / Paper / other server software now! (Your clients too!)

How bad is it? It lets people run code remotely through chat messages. This is as bad as it gets.

Why is everyone affected? Minecraft uses Log4J which has a serious vulnerability. More here: https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-from-new-code-execution-bug/

Further sources:

Spigot: https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/

PaperMC announcement:

A recently found exploit is already being abused. Depending on your server version this exploit is severe.

We have released a fix for Paper 1.17, Paper 1.18, Waterfall, and Velocity. Please update your servers ASAP.

Fixed versions:

Paper 1.16.5 #792 or higher: https://papermc.io/legacy

Paper 1.17 #399 or higher: https://papermc.io/downloads#Paper-1.17

Paper 1.18 #66 or higher: https://papermc.io/downloads#Paper-1.18

Waterfall #468 or higher: https://papermc.io/downloads#Waterfall

Velocity 3.1.1 #98 or higher: https://papermc.io/downloads#Velocity 

Note: If you are updating Spigot, use BuildTools. If you download a random unofficial distribution, there's a 90% chance that you are not fixing this issue. If you can't figure out how to use BuildTools, use PaperMC instead, it has an easier download method.

« Back