From 9b0b2db91a0afe7c96e4702bf7e4d7532c49d0a1 Mon Sep 17 00:00:00 2001
From: Florian Freudiger <25648113+FlorianFreudiger@users.noreply.github.com>
Date: Sun, 28 May 2023 15:27:43 +0200
Subject: [PATCH] Include Log4jPatcher

---
 Dockerfile              |  2 ++
 scripts/start-finalExec | 10 ++++++++++
 2 files changed, 12 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index d1e7278638f..06383167ef3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -70,6 +70,8 @@ COPY --chmod=644 files/log4j2.xml /image/log4j2.xml
 COPY --chmod=644 files/cf-exclude-include.json /image/cf-exclude-include.json
 COPY --chmod=755 files/auto /auto
 
+RUN curl -fsSL -o /image/Log4jPatcher.jar https://github.com/CreeperHost/Log4jPatcher/releases/download/v1.0.1/Log4jPatcher-1.0.1.jar
+
 RUN dos2unix /start* /auto/*
 
 ENTRYPOINT [ "/start" ]
diff --git a/scripts/start-finalExec b/scripts/start-finalExec
index 8aa178805be..c620b11ca2c 100755
--- a/scripts/start-finalExec
+++ b/scripts/start-finalExec
@@ -77,6 +77,16 @@ if ${useFallbackJvmFlag}; then
   JVM_OPTS="-Dlog4j2.formatMsgNoLookups=true ${JVM_OPTS}"
 fi
 
+if versionLessThan 1.7; then
+  : # No patch required here.
+elif versionLessThan 1.18.1; then
+  if isTrue ${SKIP_LOG4J_PATCHER:-false}; then
+    log "Skipping Log4jPatcher, make sure you are not affected"
+  else
+    JVM_OPTS="-javaagent:/image/Log4jPatcher.jar ${JVM_OPTS}"
+  fi
+fi
+
 if isTrue ${ENABLE_ROLLING_LOGS:-false}; then
   if ! ${canUseRollingLogs}; then
     log "ERROR: Using rolling logs is currently not possible in the selected version due to CVE-2021-44228"