saharNooby/log4j-vulnerability-patcher-agent

log4j-vulnerability-patcher-agent

This agent fixes the critical vulnerability CVE-2021-44228 in log4j by patching the JndiLookup class, as recommended here.

WARNING: this is not a substitute for a proper upgrade to log4j 2.15.0, where this vulnerability was fixed for good. Use this agent IF, and ONLY IF, you can't upgrade log4j in your app.

The agent can run on JRE 8 and higher, in any application (including Minecraft clients and servers).

This will completely disable JNDI in log4j. If you need this functionality, do not use this agent.

How to use

  1. Download the agent JAR or build it yourself
  2. Add the command line argument -javaagent:/path/to/agent/log4j-vulnerability-patcher-agent.jar to the start command of your app

Example command line:

java -javaagent:/home/user/log4j-vulnerability-patcher-agent.jar -Xmx1G -jar spigot.jar

If everything is OK, the agent will print [Log4jVulnerabilityPatcherAgent] JndiLookup was patched, vulnerability fixed! on start.
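
A check for step 2 and the confirmation message above, as an added example that is not part of the project's own code: it verifies that the -javaagent flag sits among the JVM options (before -jar or the main class, because anything after that point is passed to the application and the agent never loads) and that the startup log contains the confirmation line. The function names, the log file and the second sample log line are assumptions made for the illustration.

```bash
# Added example, not part of the project. JVM-option parsing covers common flags only.
AGENT_JAR='log4j-vulnerability-patcher-agent.jar'
CONFIRM='[Log4jVulnerabilityPatcherAgent] JndiLookup was patched, vulnerability fixed!'

# agent_is_jvm_option java [args...]
# Succeeds only if -javaagent:<path>/$AGENT_JAR appears before -jar or the main
# class. Anything after that point is an application argument, not a JVM option.
agent_is_jvm_option() {
    [ $# -gt 0 ] && shift                   # drop the java executable
    while [ $# -gt 0 ]; do
        case "$1" in
            -javaagent:*"$AGENT_JAR"|-javaagent:*"$AGENT_JAR"=*) return 0 ;;
            -jar|-m|--module) return 1 ;;   # application starts here
            -cp|-classpath|--class-path|-p|--module-path)
                [ $# -gt 1 ] && shift ;;    # skip the option's separate value
            -*) ;;                          # any other JVM option
            *) return 1 ;;                  # main class reached
        esac
        shift
    done
    return 1
}

# agent_confirmed LOGFILE: succeeds if the agent's confirmation line was logged.
agent_confirmed() {
    grep -qF -- "$CONFIRM" "$1"
}

# check_start LOGFILE java [args...]
# Returns 0 = ok, 1 = flag missing or misplaced, 2 = no confirmation in the log.
check_start() {
    start_log=$1; shift
    if ! agent_is_jvm_option "$@"; then
        echo "FAIL: agent is not a JVM option in: $*"; return 1
    fi
    if ! agent_confirmed "$start_log"; then
        echo "FAIL: confirmation line missing from $start_log"; return 2
    fi
    echo "OK: agent loaded, JndiLookup patched"
}

# Constructed sample input: a command modelled on the page's example and a made-up log.
sample_log=$(mktemp)
printf '%s\n' "$CONFIRM" '[Server thread/INFO]: Done (constructed line)' > "$sample_log"
agent=-javaagent:/home/user/log4j-vulnerability-patcher-agent.jar
check_start "$sample_log" java "$agent" -Xmx1G -jar spigot.jar
# Same flag after -jar: it is passed to the application and the agent never loads.
check_start "$sample_log" java -Xmx1G -jar spigot.jar "$agent" || true
rm -f "$sample_log"
```

A FAIL from the option check on a command that uses less common launcher flags with space-separated values should be confirmed by reading the command by hand; the log check is the authoritative signal.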

Build

You will need JDK 8, Maven and Git.

git clone https://github.com/saharNooby/log4j-vulnerability-patcher-agent.git
cd log4j-vulnerability-patcher-agent
mvn clean package