You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
MSM on my box is fully up to date and appears to be using a compromised version of log4j (2.14.1). Please consider updating this component with the latested patched version from Apache 2.15.0 if possible.
I do not believe those files are part of a normal msm install -- I just checked our source, as well as an msm install I have, and did not find any "log4j" filenames. (I do not believe an Apache web server would be part of a normal msm install, anyway.)
Built vanilla vm with msm installed, and confirms msm does not use log4j directly. My apologies, Minecraft it's self does use log4j, however it may be some other past activity spills that directory out to /opt/msm.
MSM is Vulnerable to log4shell exploit, see page at following link for CVE details regards log4j vunlerability :
https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache-log4j2-zero-day-exploited-in-the-wild-log4shell
MSM on my box is fully up to date and appears to be using a compromised version of log4j (2.14.1). Please consider updating this component with the latested patched version from Apache 2.15.0 if possible.
[root@mybox msm]# msm version
Minecraft Server Manager 0.10.0 Beta
[root@mybox msm]# find . | egrep log4j
./servers/TestServer/libraries/org/apache/logging/log4j
./servers/TestServer/libraries/org/apache/logging/log4j/log4j-slf4j18-impl
./servers/TestServer/libraries/org/apache/logging/log4j/log4j-slf4j18-impl/2.14.1
./servers/TestServer/libraries/org/apache/logging/log4j/log4j-slf4j18-impl/2.14.1/log4j-slf4j18-impl-2.14.1.jar
./servers/TestServer/libraries/org/apache/logging/log4j/log4j-api
./servers/TestServer/libraries/org/apache/logging/log4j/log4j-api/2.14.1
./servers/TestServer/libraries/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1.jar
./servers/TestServer/libraries/org/apache/logging/log4j/log4j-core
./servers/TestServer/libraries/org/apache/logging/log4j/log4j-core/2.14.1
./servers/TestServer/libraries/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar
./libraries/org/apache/logging/log4j
./libraries/org/apache/logging/log4j/log4j-slf4j18-impl
./libraries/org/apache/logging/log4j/log4j-slf4j18-impl/2.14.1
./libraries/org/apache/logging/log4j/log4j-slf4j18-impl/2.14.1/log4j-slf4j18-impl-2.14.1.jar
./libraries/org/apache/logging/log4j/log4j-api
./libraries/org/apache/logging/log4j/log4j-api/2.14.1
./libraries/org/apache/logging/log4j/log4j-api/2.14.1/log4j-api-2.14.1.jar
./libraries/org/apache/logging/log4j/log4j-core
./libraries/org/apache/logging/log4j/log4j-core/2.14.1
./libraries/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar
[root@mybox msm]#
The text was updated successfully, but these errors were encountered: