Healer

Patch up security vulnerbility CVE-2021-44228 (also known as Log4Shell) for minecraft forge 1.7.10 – 1.12.2, by removing JNDI lookup from Interpolator using reflection and replace the default LoggerContextFactory to catch any LoggerContext loaded after this mod. For more specific technical explainations on how I patched it, please refer to the source code instead.

Currently only works for minecraft 1.12 and before. Tested on 1.7.10 and 1.12.2.

To ordinary players

1. If your launcher has patched this already, you will not need this mod to patch the vulnerability.
2. If you applied mojang's fix, you will not need this mod to patch the vulnerability.
3. If you have FoamFix for 1.7, you will not need this mod to patch the vulnerability.
4. If you have used other fixing mods, ask their original authors if they can "catch any LoggerContext loaded after their mod", if yes, you will not need this mod. Otherwise, replace that mod with this mod, or use a launcher that does patching for you, e.g. MultiMC.

To modpack makers

1. I suggest you to include this mod in your client pack, if it is intended for minecraft 1.7~1.12.2. This will protect your users who is still not aware of this and happen to use a launcher that hasn't patched this.
2. If you also distribute a server pack, and it is intended for minecraft 1.7~1.12.2, adding this mod is not necessary if you applied mojang's fix. However, since many people don't use the StartServer.bat (or something alike) that come with your server pack, chances are they will not use mojang's fixed log4j2.xml. Technically you should not distribute an edited minecraft_server-1.7.10.jar, so adding this jar would be the most straightfoward way of ensuring the user getting a fix.

Похожие моды

Lithium (Fabric) Mod Info Lister McAssistant Seed Protect Exact Spawn Command Logger Command-O-Matic PlayTics Currency