Minecraft Java Log4j RCE 0-Day Vulnerability

On the 9th of October, a zero-day exploit affecting Minecraft Java servers and clients using versions 1.7 to 1.18.1 was discovered. This allows malicious users to execute commands on your server without needing to be an operator, through methods such as chat, which can affect your client as well.

Mojang has released a client-sided fix that will be automatically applied by restarting your launcher. Servers however, need to be updated to the latest version, or manually secured. You can find a list of server type versions we have patched so far, or ways to secure your server type below.

Note: This article will be updated continuously as server types are patched.

PATCHED

The following versions have been secured and are safe to play as normal (Note: These are only safe to play if selected from our server type dropdown. Using custom jars may not be protected).

  • Bungeecord
  • Paper Waterfall
  • Paper Velocity (Using the latest version of the official website)
  • CraftBukkit 1.18.2
  • Fabric 1.18.2
  • Fabric 1.18
  • Fabric 1.17.1
  • Fabric 1.17
  • Fabric 1.16.5
  • Fabric 1.16.4
  • Forge 1.18.2
  • Forge 1.18
  • Forge 1.17.1
  • Forge 1.16.5
  • Forge 1.15.2
  • Forge 1.14.4
  • Forge 1.13.2
  • Forge 1.12.2
  • Forge 1.10.2
  • Forge 1.8.9
  • Forge 1.7.10
  • Paper 1.18.2
  • Paper 1.18.1
  • Paper 1.18
  • Paper 1.17.1
  • Paper 1.16.5
  • Paper 1.15.2
  • Paper 1.14.4
  • Paper 1.13.2
  • Paper 1.12.2
  • Paper 1.10.2
  • Spigot 1.18.2
  • Spigot 1.18.1
  • Spigot 1.18
  • Spigot 1.17.1
  • Spigot 1.17
  • Spigot 1.16.5
  • Spigot 1.15.2
  • Spigot 1.14.4
  • Spigot 1.13.2
  • Spigot 1.12.2
  • Spigot 1.11.2
  • Spigot 1.10.2
  • Spigot 1.9.4
  • Spigot 1.8.8
  • Vanilla 1.7 - 1.18.2

UNPATCHED

Warning: The following versions have not been automatically secured and will require manual adjustments in order to be safe to play.

We are currently working on patching these versions. In the meantime, we recommend playing with whitelist enabled. To do so, follow our guide on How to Setup and Manage Whitelisting.

  • CraftBukkit 1.7-1.18
  • Custom Jar: Check the current patch status of the server jar you are using and follow the developer's instructions where needed.
  • Spigot 1.17
  • Spigot 1.16-1.16.4
  • Spigot 1.15-1.15.1
  • Spigot 1.14-1.14.3
  • Spigot 1.13-1.13.1
  • Spigot 1.12-1.12.1
  • Spigot 1.11-1.11.1
  • Spigot 1.10-1.10.1
  • Spigot 1.9-1.9.3
  • Spigot 1.8-1.8.7
  • Spigot 1.7-1.7.10
If you require any further assistance, please contact our support at: https://shockbyte.com/billing/submitticket.php

Mitchell Smith

Managing Director @ Shockbyte

  • 7 Users Found This Useful
Was this answer helpful?

Related Articles

How to Convert Worlds from Vanilla to Spigot

This guide is for converting your worlds from Vanilla to Spigot. If you're looking to convert...

How to Get Help Managing your Minecraft Server

When you are stuck and need help with managing your Minecraft server, there are resources...

How to Join a Minecraft Server (PC / Java Edition)

We have a video tutorial on how to connect to your Minecraft server: If you would like to join...

How to Use Colour Codes on Your Minecraft Server

If you’ve played on other Minecraft servers before, the chances are that you’ll have seen them...

How to: Edit configuration files manually with Notepad++

We have a video tutorial on editing configuration files with Notepad++:   When editing...