A weakness has been identified in a common Java login library. This weakness affects Java Minecraft servers and clients.
Note: Find the official statement from Mojang here. Their article also contains the steps needed to take for Minecraft
1.17.
Step 1. Log in to the MelonCube Games panel.
Step 2. Stop the server.
Step 3. Go to the Startup tab on the left.
Step 4. On the [Advanced] Custom JVM Arguments - End table, input the following: -Dlog4j2.formatMsgNoLookups=true
Step 5. Start the server.
Note: If the server is running
1.17+, the JVM argument is automatically added to the server's startup script by default.
Most of the server versions have been patched, and do not require any fixes as long as the server is running the latest builds. As of the writing of this article, the latest builds of the following versions have all been patched and do not require any fixes.
- Bungeecord
- Paper Waterfall
- CraftBukkit 1.18.1
- Fabric Loader 0.12.10+
- Forge 1.18 (38.0.17)
- Forge 1.17.1 (37.1.1)
- Forge 1.16.5 (36.2.20)
- Forge 1.15.2 (31.2.56)
- Forge 1.14.4 (28.2.25)
- Forge 1.13.2 (2.25.0.222)
- Forge 1.12.2 (14.23.5.2857)
- Paper 1.18.1
- Paper 1.18
- Paper 1.17.1
- Paper 1.16.5
- Paper 1.15.2
- Paper 1.14.4
- Paper 1.13.2
- Paper 1.12.2
- Paper 1.10.2
- Spigot 1.18.1
- Spigot 1.18
- Spigot 1.17.1
- Spigot 1.17
- Spigot 1.16.5
- Spigot 1.15.2
- Spigot 1.14.4
- Spigot 1.13.2
- Spigot 1.12.2
- Spigot 1.11.2
- Spigot 1.10.2
- Spigot 1.9.4
- Spigot 1.8.8
- Vanilla 1.7 to 1.18.1
Note: Proceed with caution and either update or apply the fix Mojang has mentioned for older versions.