MiniDay/Velocity
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Exclude org/apache/logging/log4j/core/lookup/JndiLookup.class entirely

Browse Source 
It's the one sure-fire way to prevent further exploits using JNDI through Log4j.
This commit is contained in:
Andrew Steinborn
2021-12-14 19:37:37 -05:00
parent 002452e755
commit fd842c4364
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
proxy/build.gradle
View File

@@ -153,6 +153,9 @@ shadowJar {
// Exclude Checker Framework annotations // Exclude Checker Framework annotations
exclude 'org/checkerframework/checker/**' exclude 'org/checkerframework/checker/**'
// Exclude a Log4j class well-known for its use in recent security exploits.
exclude 'org/apache/logging/log4j/core/lookup/JndiLookup.class'
relocate 'org.bstats', 'com.velocitypowered.proxy.bstats' relocate 'org.bstats', 'com.velocitypowered.proxy.bstats'
} }