Posted on 10 December 2021 - 11:05 AM

As I'm sure most people know by now, a 0-day exploit was recently discovered in log4j, which Minecraft uses, allowing remote code execution if an attacker is able to cause a certain string to be logged (which is as simple as a player sending a chat message on a server).

Vanilla minecraft just pushed patches to all versions fixing the vulnerability, and lunar announced that they've ensured it doesn't affect them.

Can we get confirmation from Badlion that this issue has been fixed?

I don't know exactly how the patching process works, but simply ensuring that you are getting the latest upstream should fix the issue.

Thanks.

Posted on 10 December 2021 - 11:33 AM

Hey @repeater64,

Badlion has officially patched this exploit, so you are safe to play!

Posted on 10 December 2021 - 12:02 PM

Awesome, thanks for the response.

Posted on 10 December 2021 - 12:44 PM

No problem, glad to help! :)