Jump to content
MaxCheaters Official Group on Discord
-> Place your ad text here <-
LINEAGE2.GOLD INTERLUDE SERVER ON ESSENCE CLIENT

Log4J Breach

HyperBlown

By HyperBlown
in General Discussion [English]

 Share

Recommended Posts

HyperBlown Proficient

HyperBlown

Posted
Posted (edited)

As you guys may or not know already, the often used "Log4j" Library has been compromised and I Strongly recommend your devs or yourself to take immediate action into updating this library or using something else.
If you dont know what to do, and you are more than sure that you are using this library, you can simply disable any logging that an user has "direct" access to it. For example Chat log, since players can talk whatever they want and it will be processed by the log4j engine.

For more info read it here:
https://www.kaspersky.com/blog/log4shell-critical-vulnerability-in-apache-log4j/43124/

https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/

 

https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j

unknown.png

Edited by HyperBlown
  • Thanks 2
  • Upvote 1
Tryskell Rising Star

Tryskell

Posted
Posted

L2J team is aware of that issue since 3 days.

 

About aCis, we never used that library no matter the revision, but I'm aware some forks of my project migrated to it.

 

You can solve the exploit updating log4j lib ASAP to the version 2.15.x and superior.

 

Added to @HyperBlown links, more infos here : https://nakedsecurity.sophos.com/2021/12/13/log4shell-explained-how-it-works-why-you-need-to-know-and-how-to-fix-it/

 

PS : that library is used everywhere, so consider to review your whole server if you own and run multiple services holding Java projects.

  • Upvote 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


  • Posts

    • Databay
      █ 7,000,000+ RESIDENTIAL PROXIES ✅ FROM 0.65$ / GB █

      By Databay · Posted

      This is a bump: https://databay.com/
    • L2ElixirOfficial
      [L2J] L2Elixir

      By L2ElixirOfficial · Posted

      L2Elixir – Patch 4 Is Live!   We’re working non-stop, day and night, to deliver the best possible quality and bring back what made L2Elixir special. This project is built with passion, not shortcuts — for the old-school players who remember, and the new ones who want to experience it properly. Thank you for being part of the journey. Together, we’re making L2Elixir great again ❤️ The legends never fade.    ⚙️ General Enabled Class Change service (same class type only) ALT + B → Services → Character Development Enabled Shift + Click on Treasure Chests Players can now identify real chests (Adena, scroll drops) and use Key / Unlock Event deaths now cancel only debuffs, All self buffs are preserved, fixes issues with Root and similar effects Bladedancer class can now log in even when Max Clients (2) is reached. Since an active Bladedancer is not available for every damage dealer and some players tried to abuse this via VPN or a second PC, this feature was added to keep things fair. protections applies, requires testing!    🎒 Items Crystallizing enchanted items now gives the correct increased crystal amount (retail-like behavior) Removed Agathion Seal Bracelet: Rudolph from Santa rewards (Gracia Final item) Added Dualsword Craft Stamp into Milestone Exchange list    🧙 Skills Fixed Banish Undead lethal chance Hot Springs Malaria and similar effects now level up faster while being attacked
    • Nightw0lf
      [L2J] L2Relic

      By Nightw0lf · Posted

      thats new SEO level tricks you know nothing of noob - bottom line: exposed.
    • FixerRay
      PchelaCoin Top Market Adena/Coin

      By FixerRay · Posted

      Warning: This guy is a big scammer, trying to sell everything, advertising for servers etc. That's his mail address evgesha.nrnr@gmail.com , stay away!   @Atom @Celestine
    • FixerRay
      Hurry to buy Adena! Great prices!

      By FixerRay · Posted

      Warning: This guy is a big scammer, trying to sell everything, advertising for servers etc. That's his mail address evgesha.nrnr@gmail.com , stay away! @Celestine @Atom

  • Topics

×
×
  • Create New...

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disabled AdBlock