There has been a weakness identified in a common Java login library. This weakness affects Java Minecraft servers and clients.
Note: Find the official statement from Mojang here. Their article also contains the steps needed to take for Minecraft
1.17.
Step 1. Log in to the MelonCube Games panel.
Step 2. Stop the server.
Step 3. Go to the Startup tab on the left.
Step 4. On the [Advanced] Custom JVM Arguments - End table, input the following: -Dlog4j2.formatMsgNoLookups=true .
Step 5. Start the server.
Note: If the server is running
1.17+, the JVM argument automatically adds the correct argument by default to the server's startup script.
Most of the server versions have been patched, and do not require any fixes as long as the server is running the latest builds. As of the writing of this article, the latest builds of the following versions have all been patched and do not require any fixes.
- Bungeecord
- Paper Waterfall
- CraftBukkit 1.18.1
- Fabric Loader 0.12.10+
- Forge 1.18 (38.0.17)
- Forge 1.17.1 (37.1.1)
- Forge 1.16.5 (36.2.20)
- Forge 1.15.2 (31.2.56)
- Forge 1.14.4 (28.2.25)
- Forge 1.13.2 (2.25.0.222)
- Forge 1.12.2 (14.23.5.2857)
- Paper 1.18.1
- Paper 1.18
- Paper 1.17.1
- Paper 1.16.5
- Paper 1.15.2
- Paper 1.14.4
- Paper 1.13.2
- Paper 1.12.2
- Paper 1.10.2
- Spigot 1.18.1
- Spigot 1.18
- Spigot 1.17.1
- Spigot 1.17
- Spigot 1.16.5
- Spigot 1.15.2
- Spigot 1.14.4
- Spigot 1.13.2
- Spigot 1.12.2
- Spigot 1.11.2
- Spigot 1.10.2
- Spigot 1.9.4
- Spigot 1.8.8
- Vanilla 1.7 to 1.18.1
Note: Proceed with caution and either update or apply the fix mentioned by Mojang for older versions.