#general
bigrat.monster
krusic bro
havent looked into it lol, but its not that hard
ASM otaku
with a syringe
well look at it like this
it got an everyone ping in the papermc discord
that should help you gauge how bad it is
9.8/10 rating
fitsmc video wen
btw, spigot post.
THE WORST EXPLOIT IN MINECRAFT HISTORY
One probably exists as it is just backporting a fix
nah
md not being late to the party for once
Even did all the versions.
yeah
imagine not knowing the string to crash the server
dammit
that should also
shouldve let the old versions to rot lmao
tell you how bad it is
its funny cuz this exploit is like super old
went all the way back to 1.8.8
such a nice guy
What does the exploit allow for?
Well now we can send Paper 1.8 users to Spigot so not our problem
drugs
crash a server
Crash 👍
instantly
as if we didnt already
kek fucking w
by pasting something in chat
Is the exploit only able to affect the server, or do we know for certain it can affect clients end accounts?
so this means Paper is behind Spigot on 1 commit in all the older versions 
How does this exploit work ? I wanna try it to see if i'm vulnerable
i mean, we can just fork and sync upstream i guess? but still, quite funny
if they can do it on your client you have bigger issues lol
The client thing is IN THEORY, we've seen no one run code on a client yet.
Pins in #paper-help is all we've got
Ahh okay, yeah just making sure. Thanks for the speedy responses.
ded trying to pay off college
paper general is only for mild shitposting and trolling
yes
only $24k what a deal
no
too real
Yo what is happening
bannable if posting exploit in this discord?
i'll dm it to you for free 😉
Yes.
ight
wait
where is the ping
hi
no :D
ok
hes duper trooper
epic yt
dont ban
ty
what the fuck is that a trumpet in my shoegaze????
If you're just here to flood the channel you will be booted.
Holy cow
no no
Cat you saved yourself there x)

Paperhelp is flooding
;-;
cat being based, for once
!ban @void void Go be annoying elsewhere
:raised_hands: Banned Grass#0926 (Go be annoying elsewhere) [1 total infraction] -- electronicboy#8869.
should I load my world on my personal pc then move it over to my server
instead of making chunky run for 12 hours on my server
i think me sending cat shoegaze made him a little triggerhappy
what would be the point
y ban duper
would it not be faster?
smh
Please don't link that since it contains a POC
hey noah
Yeah deleted. Thanks Noah
Hi naomi
irc remembers all.
yeah
Always is
Is the log4j vulnerability fixed in this version of Velocity? https://github.com/PaperMC/Velocity/commit/2cff5b3b021f87289e4880f9bbec81320f5643de
Yes
awesome
cant wait to see >2k messages in every channel when i wake up again in 6-7 hrs
chunky a lot faster on my pc than on my server
it only 5:18pm Here
yes but i dont live where you live
yeah on my pc it reached the same point my server got to in 1/10th of the time lol
consistently about 3x faster
the poc is on github which means everyone knows it now
news flash, your pc has more resources than your server
thats what happens if you run on shared hosting lol
right, but someone said "What is the point"
news flash, ded is a hardware expert
true
gl transferring all the files tho
hardware is hard, software is not
what exactly is the scope of the exploit? have any technical details been released?
ded how good is your x86_64 asm
remote code execution
on old java versions
Can we get an exploit slash command?
kashike pls
I don't see how the exploit could be used in mc though
mc is java bro
@faint wing someone pastes a funy lookin message in your server chat
server crashes
👍
where exactly? i saw libs mentioned but is there one in specific?
Yeah, that's what everyone keeps saying
yeah, the Log4J GitHub repository has the commits that fix the exploit. it's a remote code execution exploit. it can run code in your machine.
if you can RCE on the host machine or even the container, you can access the MC server
but it also requires an error from the user of the library it seems to me
(am a sys/netadmin)
like an sql injection kind of thing
thats why you run your server as root btw 
Thanks for the info
just passing raw strings to your logger
if i ever finished the mc server i started
you wont
jokes on you, it doesnt hurt me
i would just write a little ""virus"" into it that does an rm -rf / --no-preserve-root
currently at like 77k
go until it's finished, ez
I did 10k radius
since I could just stop whenever
but even on my pc it'll take 3 hours
kinda sorta. I've yet to read on how the exploit works but an attacker could pass a linux command through to the system running the server. if you're running something like ptero, the damage will be isolated to that server/container, if you run your servers on the host itself, then it can affect all your servers (in general. there's obviously a lot of nuance to it)
jokes on you I run my servers on a windows vm on my raspberry pi
what is the scope of the log4j thing? rce with permissions of user running the server? do they have to be whitelisted to exploit it?
shudders
and wipe out the linux system and in the case of a MSI laptop permanently brick the UEFI
just install windows
MSI laptops literally break themselves without user intervention anyways
ez
Just a crash 👍
okay thx
potentially an rce
It only crashes server if spamming a lot
i feel like it could be exploited further if you went deep into it, but too much reading to figure out exactly what lol
so... maybe.
I fucking hate MSI, but this isn't specific to them. Any board that lets you r/w efivars can be bricked this way
Well, "bricked"
can someone link me the commit in the log4j repo so I can see how it actually works?
Almost nobody is concerned with RCE, only affect old Java builds (even Java 8 is patched since build 120)
I can't even figure out what I have to read
We're not doing like open discussion about it here.
@molten zodiac hey weren't you a owner on 0b0t?
Bad people lurk this Discord for the smallest inkling of Paper fucking up purely to cause chaos, so we're not gonna talk about it. 👍
You can FIND it, but no one here's gonna help @solemn geyser
Check GitHub, the commits are all public
Tested the exploit, not working on ANY server if your Java is up to date (even Java 8)
So, is the exploit fixed on the newest versions of paper/spigot?
(I mean the rce, still can crash)
Okay I'm just gonna avoid this Discord for the next week, the everyone ping brought in all the dumbasses
imagine doing this on 2b2t lol
imagine touching grass
true
How can i test this on my server?
those poc on the internet are using old Java 8 builds from 2017 u_u
taking jahy with you soup
hello soup
8*
how exactly?
see you later naomi
nothing of value lost
dyor, not gonna talk about it more
Too late
was it patched
It was performed
LOL
just relax, your servers are safe if u installed / updated it in the 3 last years
And 2b is down rn
i'll get my discord acc back soon, to troll some sense into the kids
What is an orange?
dont listen to papermc mods!!! they are trying to force you to update your java to a version built since 20fucking17! HOLD YOUR GROUND and run 1.7 on java 6!!!!!!!!!!1
an orange is a round citrus fruit that grows on trees
Lmao
don't you mean uninstall java?
Being vulnerable is the vulnerability! :P
uninstall java, install ransomware
rosa reimplements the jvm in rust when
wannacry ftw
no server =safe server
soontm
naomi don't make me buffer overflow irc
I'll take your memleaks off your hands and fill a McDonalds medium cup with it
that's kinda hot 😳
the c in cpp stands for cracked
how can you stand a green terminal
xterm256 exists for a reason
the m in V stands for magnificent
check pins
bro enter is not a spacebar
reading real hard
im gonna abuse clipboard history
How’s dart
ew
you’re ew
not having anything other than int and double makes it basically the same as elshout
dart is fine
why does it bother you so much naomi
You can just get a library if you need it so damn much
that's the thing
there is no library for it
i had more than 20 tabs open trying to find one, aight?
like yeah i like the language but not having byte, short etc is kinda a dealbreaker for me
also haha my phone 69 percent https://naomi.s-ul.eu/9WBTR9Hm
Nice.
It's a valid patch. Different approach to not break things. 
Naomi what time is it for you
23:40
11:40PM
11:40pm for 12 hr clock plebs ye
and i like my Fahrenheit!
papermc exploit involving how log4j handles the conversion of text
mine all display in Fahrenheit.
not just a papermc exploit, ivx
but yeah dap, dart is cool but not right for a minecraft server
Then why say ew
welp
You dum
naomi isn't it past your bedtime
yes
nice
but i am in bed already
oh
nah she a working girl
ok
been for a while
working til the sun rises
I haven't gotten out of bed today
i did work on stuff today yeah wooo
I might actually do dap’s personal platform blogging in flutter
Looks easy enough
Ew
golang good tho
No ty
careful
how are we supposed to know
so no?
have you tried?
hypickle doesnt use paper, they use their own custom fork pretty sure
Clients are also affected though
as big as hypixel is they probably have their own proprietary jar files.
They run 1.7 with 1.8 compat hacked on top
yeo
remember the days of the mineshaft client
will papermc patch this anytime soon?
already been patched
i first used mineshaft before actually buying minecraft
oh good
read pins in #paper-help
It's been patched for 1.16, 1.17 and 1.18
my server uses 1.16, dont ask, so ima update to latest
the latest on the website won't work, use this one https://papermc.io/api/v2/projects/paper/versions/1.16.5/builds/791/downloads/paper-1.16.5-791.jar
wget -O paper.jar https://papermc.io/api/v2/projects/paper/versions/1.17.1/builds/398/downloads/paper-1.17.1-398.jar
curl https://papermc.io/api/v2/projects/paper/versions/1.17.1/builds/398/downloads/paper-1.17.1-398.jar -o paper.jar
curl is better when downloading multiple files; for a single file i will use wget.
wrong
Is there a cve for the RCE exploit?
just ask cat to deliver a usb thumbdrive with the latest paper build, mja
pretty sure there isn't one yet
naomi why are you a bot
Nope there isn't
i am an advanced AI
artificial "intelligence"
what's 10 divided by 0
There is no confirmed RCE
ArithmeticException: Divide by zero
this kid
rm -rf /
Active chat prob going to die tomorrow.
Permission denied.
"dOeSnT hYpIxEl rUn oN jAvA?"
sudo rm -rf /
$sudo SubToYT: AfkUser
imonsay is not in the sudoers group. This incident will be reported.
$sudo KillSomeone: AfkUser
my favourite unix utility, od.
.kill Epicster
beheads Epicster with a chainsaw and uses their head to play football.
su root ***********
rm -rf / --no-preserve-root
turns Noah into a snail and covers them in salt.
naomi am i cool
no.
L
ok good to know
closing time off to home
Daily life with Debian. Better not forget that -.
I informed Minehut of how fear mongery this is and they're working on it
To my knowledge a Minehut wide fix is going out
Honestly creating more chaos is just what we needed lol. Thanks for telling them

Hypixel SMP runs Paper
yes exactly
Whatever the latest version of Paper is whenever you start it lmao
Oh really? That’s interesting
That's my point
Also doesn’t the -Dlog4j.formatNoMessage=true argument fix
The vulnerability client side
Shout out to the Paper mods for dealing with the huge influx of stuff today.
If you add it to your client
do the openjdk docker images for java 8, etc have this patched already?
I use Arch btw
hello ocelot
I agree
i have a FreeBSD VM btw.
It's not in Java it's in the Applications that use it
I have a TempleOS VM
Who found the vulnerability?
chinese researchers at AliBaba
makes sense, so just anything that uses log4j?
Yea
A paper user who informed us via the exploit report channel
is this kid stupid or stupid
he is NotFunny
Hi mini!
imagine trying to be funny in paper general
Yo
Where do find the specifics of the exploit?
Impossible!
the being funny privileges are reserved for regulars.
How can you not get ratted lol
Specifics shouldn't be public
nope
Or mc bug tracker
Ok
im sad i dont have money to buy Yuragi :c
They could probably add it in by tomorrow release.
..
if mojang shipped yuragi with 1.18.1 i'd buy the game again
Hi paper 
hi
hi ollie
Wait if its a log4j vulnerability did you submit somethin to apache
It's already patched in log4j
naomi is just pro like that so they can be a bot
i am an advanced AI
yes
I'm a bot that releases news articles.
You are an advanced AI that learns from what people say, is that correct?
ok
That's why she is an a"i" ^
naomi you're at best O(n!)
false
but its signed because its negative
i dont know my blood type
an overflown uint_8 starts at -255 no
signed goes -127 to 127
or i must be really stupid
Signed goes -128 to 127
May I ask what the log4j exploit is exactly?
what was that about security through obscurity 
Read the pins in #paper-help There is no more information public currently from Paper.
@merry talon I forgot my meds today and I feel like shit how are you!
hello
heya
Ok, thank you
everyone ping means this discord server is going to shit for the next week
hey simple if you wanna feel more like shit go into #paper-help
gg
Anyone have a full info about the exploit? An article or something.
No thanks
yo simple
ofc i do
thats what the admin said to do to my friend like use a script to check for hax
#paper-help pins is all the info you're going to get in here
All the info about it that's public is in the announcement. Nothing more yet.
that's kinda funny
but rlly it was a guy from our vc who leaked it
a ss
Is the current tool like some token grabber
mk
people know the exploit but nobody is gonna tell you lol
LMAO i found it
so i said this cause they were laughing abt him thinking u can hack a pc with mc software
has a warning though, props to spigot
is the paper 1.16.5 patch out already?
welp, maybe he does have a point
yes
ive seen this
who does? they didnt think there was a way lol
time to go through my uploaded images to see what random garbage i find
who are u
why are u a bot
what
he
?
why is there a self bot
ohhhhhhh, makes sense xD
stop using enter as a spacebar please
yeah, if i see smth like that I usually expect a discordsrv like format
ocelot, stop lying. we both know i am an advanced AI
It's not connecting to a Minecraft server so it isn't DiscordSRV
What's Wrong With Using Spacebar
you know: [username]: message
advanced AI?
I think it's still Z's IRC bridge, which predates DiscordSRV
Yea, with a damned tumour maybe

Crazy ai!!!
lol
Naomi can you make a
Like Glados, with the dumbening core
hey cat, this u? https://naomi.s-ul.eu/gta1tq1i
i know it isn't a minecraft server, or discordsrv,
I'm just using that format as an example
“Beep boop bop” sound for me?
bruh
(You are AI I know you are)
Beep boop bop
boop beep? beep boop.
Ah mIRC on Quakenet, good ol days
fr
i can't believe i've only just noticed this channel description
RIP Leaf
@static badge this channel says I can burn you
ooh, can i come too?
note: they did manage to spell leaves wrong, so there is a loophole
NOOOO
DONT BURN MY STARLIGHT AND TUINITY CODER
I NEED THEM
https://naomi.s-ul.eu/HApdShN7 yooo this was the best art project ever
don't worry, I am an incredible lawyer and leaf will be fine
It's an intentional joke
that right there is art. not good art. but art nonetheless.
blender is something else
that was just images taken as proof of work lol
i had to recreate my work mere hours before a presentation
i'd just done random shit in blender the day before
the goal was to create a dystopia
lemme see if i can find the finished product
after 2 binary searches i have to announce i cannot find it
rip
alright well imma go hug my pillow and close my eyes
mja, i will make sure you will be laughed at everytime you lose a game while using ShogiCraft
gn naomwald
Gn!!!
What’s the exploit do?
Read pins in paper help
check pins in #paper-help
Help
please don't wake up, please don't wake up, please don't wake up
sounds like quite a fun day in paperland
fucking hell 3 months and i'm still unable to figure out why command completion doesnt work with acf even tho it literally works fine in every other plugin i test and try break, why does life hate me
Gn…..
Get some rest (you deserve it)
Paper land on fire!!
@ everyone pings are always fun days!
😀
do it again
.kill legacy versions
(DiscordBot) I can't attack that.
Bru..
gud stuff
.kill legacy-versions
slices legacy-versions's limbs off with a rusty scythe.
There we go
I was just hoping naomi wouldn't wake up
when working with an REST or HTTP API, you'd usually call the API for data rather than store the data in your database yourself after calling their API once right? as the data could potentially change?
I mean
if you're using REST, you're not usually in a position where you have access to the DB
Anyone but Naomi…. 😦
Just to confirm... 1.15 is not getting an update correct?
well just an HTTP API then
Read pins in paper help, old versions not supported but there is a fix mentioned.
Oh ok great
spigot patched all versions so if ur desperate
Will the paper also solve older versions like 1.8?
no
No
;-;
you'll have to apply that patch manually
:/
But if this isn’t a wake up call to update to more modern versions idk what is!
people aren't gonna wake up
Uh, the log4j vulnerability doesn't appear fixed in the latest 1.17.1 jar
they're just gonna keep tryna spew their entitlement
complex
Hi. i have a question.
I heard that the exploit announced this time is a vulnerability related to log4j.
I would like to know more information about it.
Is there a CVE or other identifier assigned?
I'm not very good at English, sorry.
The server still attempts to connect to the remote ldap endpoint that I pass
No CVE (yet?)
We don’t want to spread info on how to reproduce this, it’s not important.
plz make the bot respond to any mention log4j and exploit lol
^^^
Sounds like log4j2 won't be doing a release with the fix before Monday, we'll see if they do a CVE then
The latest 1.17.1 papermc still attempts to connect to it though
think somebody is gonna apply a wider fix soon
A fix was pushed so I wouldn’t think so.
Unless I'm doing something wrong updating it
It should be fixed in that version, correct?
:( I remembered them and I still feel like shit 
Yep (you should avoid staying 300 versions out of date)
Yeah, but I can still RCE in that version
it doesn't seem that the fix is backported
My day is over now tho, I hope you survive
afaik it was only patched for 1.18
they said it was updated for 1.17
tbh might not be a bad idea to backport to 1.17.1 since 1.18 is still considered experimental
so what does this exploit give access to? how bad is it?
you can run arbitrary code in the server process
and they're backporting to 1.16.5
by just sending a chat message
that is bad
i made a repro to test it, and it doesn't seem fixed in 1.17.1 latest jar. I can still execute my custom java class
Are there any commandline flags
Yea, we know, you've said.
ye am home
Make sure you don't have other plugins on it
What’s the chat message?
Yeah no
there's more ways to do it than a chat message
All the info we can provide is pinned in the #paper-help channel
Lol all the 2b2t players rn
Some time ago I found a lot of plugins with exploits
Does anyone know how this exploit came about?
alibaba cloud
I hope ur ok!! 😦
I saw it in a security advisory
check your logs guys in your MC folder
It got reported to us
i mean im fine, my brain's just broken. it do be how it be
9 hours ago or something
Damn an exploit
Is anyone aware of a fix
And a big one
for 1.17.1
Paper fixed it
"fixed"
Also
Could a plugin mess that up?
All the info we can provide is pinned in the #paper-help channel
#paper-help READ #paper-help READ THE PINS #paper-help
Update
it's y'alls fault for pinging everyone, should've just let them all crash and burn 🚶♂️
No, fix your anti cheat
Try a separated instance without plugins, if you already have the latest version
Oh damn it affects all versions from 1.7 to 1.18
Or should’ve just put the pin info in the announcement
smoke
hello
dw I know :)
Update
Yes someone is abusing the exploit on ur server
Thanks!
And in the future, #paper-help
Okay thank you! I couldn't explain it to myself. sorry im new here
No worries
wtf what can people do with the exploit?
All the info we can provide is pinned in the #paper-help channel
anyway screw the exploit heres some pics of my professor exploding liquid nitrogen in a trash can with boiling water
the kids faces are so good haha
i know lmao
Hi, can someone help me?
i like how he just looks like he's on vacation
that's how he looks even when giving lectures ded
I mean, I found a repo and I think it needs taken down ASAP I need advice how
haha, looks like a chill dude
We can't take repos down for you but?... uh
lmao
Report to github? File a DMCA?
^^
What repo?
It's telling people how to do the security thing.
Oh
I think it's best to get it taken down ASAP
Telling people how to do the exploit?
Yes
It's already patched. If people haven't updated then that's their fault.
It's their right to tell people how to do it
Go to exploit report and click the button if you want to report it
Just leave it be, I guess
doubt github will care
But I doubt GitHub will take it down.
The repo should stay up
Even though this issue will cause issues on a larger scale than just mc?
At this point, the exploit is known and it's patched. If people don't update and leave themselves vulnerable then that's their fault.
just burn down the data center, seems to be the way to go these days 
Is it safe to post the repo link or no?
No.
And yes, it's fine. This usually happens anyway. Once patched people will dive into it and explore it.
I won't post it understandable
(Fine to stay up not fine to post here, because it'll just start drama probably)
Don’t post links to exploit stuff.
hello epicpotpie
lame, how am i gonna haxx now
Okay I won't
Sorry
I meant no harm or anything btw

Forgot the best pic, with him walking out of the cloud 
real chad
u got them kids guardians consent to post their photo online?

public event, no reasonable expectation of privacy
Hi aber
lmao
but on that note ill take it down if i have to 
its in the cloud now simple, it's never going away

l
I'm pretty sure github is fine with you posting proof of concept exploits
So I don't think you'll have much luck getting the repo taken down
paper-help might need slowmode.
no shit
Shit's getting a little hectic.
^^^
Papermc is so unreliable and clearly has accessible exploitation any user can use. Because of this I'm saddened to say I will be discontinuing having papermc as a necessary plugin in my server.
You're coping
I'm going to have to remind myself to buy the PaperMC staff a huge bottle of their drink of choice at this point, y'all deserve it after today
Please don’t cross post
Or troll post.
GUYS I CAN'T PLAY HOLY
ME NEITHER
I CAN'T
FIX IT NOW
GET INTO HOLY
FIX IT
FAST
I HAVE TO GO TO THE KOTH
This is an english discord.
English plz
riiiiight
shut the fuck up
Sorry
ENGLISH MOTHERFUCKER, DO YOU SPEAK IT?
Sorry
they literally said nothing of substance either
just spamming spanish for no reason
Hmm, maybe I should have gone for the gif instead of just the text
Instead of amusing it just looks like I'm screaming
I don't know if anyone posted this but there is
https://www.spigotmc.org/resources/log4jexploit-fix.98243/
I don't know if it's a "troll" or if it really fixes it clientside, but I don't think lol
Will they fix the exploit?
IT'S ALREADY FIXED
All the info we can provide is pinned in the #paper-help channel
also clientside ?
When are they fixing the exploit dude, I need to play on Holy
https://twitter.com/schiso/status/1469098770113515525?s=21
Explain in spanish
An exploit was found where basically just by joining a server that is using PaperMC they can hack your PC ((literally)), so most servers are offline to protect them.
I recommend not joining any server for the moment 👌 https://t.co/PPLDKuttiw
ty
So spanish people are dumb
no sorry I'm french I dont speak english 
you are spanish idiot
Will my players be safe if i add -Dlog4j2.formatMsgNoLookups=true argument to startup of my server?
Give me the frenchy power
finger in the nose
#paper-help read pins, this will help you server side but clients still need to fix
come on, you're gonna smash it!
Do you use MC 1.13 or newer?
https://www.youtube.com/watch?v=GZyQkido454
this is me now, i just wanted to come home and chill with my buds on paper but no
Pretty much
Tbf this is just wen eta but with a different message
Fix for exploit: https://github.com/notrhys/Log-4J-Exploit-Fix
People just repeating the same thing over and over because they can’t read
🤨 the exploit is literally on the client
what client?
tf you mean the plugin is bad they literally are some of the first people to acknowledge and work on a patch
Lunar client or java
it's an issue specifically with a java library that many client/server versions of Minecraft happen to be using

People just repeating the same thing over and over because they can’t read
vulnerability with the normal client chat directory or something i don't know im not a coder
im closing discord now, props to anyone with sanity remaining for this
It affects both client and server
What was the command
no
if this :
https://github.com/notrhys/Log-4J-Exploit-Fix
really fix the issue, you should pin it, so nobody will speak about it anymore ? :c
🙂 cya after the smoke clears
All the info we can provide is pinned in the #paper-help channel
incredible
anyone here using pebblehost
ahahah mojang releasing an update for bedrock
Does it fix it?
2 second half assed look, yes, at least the big entry point
How does someone find a exploit like this tho
There are people who got paid for this shit
no, just a random 1.18.2 update for bedrock
Lol
ñ
they hacked minecraft :'v
no
What is the actual security risk?
Pins in #paper-help
It’s books, isn’t it? Those damn books
So what does the exploit do?
Didn’t really say tho
Use freaking google
that's all the info we're willing to give
I did
Then you have failed at google
i don’t wanna know how it’s done i just wanna know what it does
Once again
The second paragraph
That is literally all the info we're willing to give you.
What the actual risk is
Then google terms you don’t understand
so it’s confidential?
Don't mention.
Checked it.
That's... That's not good.
discord does not allow discussing exploits on their platform, and we don't wanna give the answer like candy towards all the skids who monitor our discord.
i see
Looking at the exploit everyone keeps sending, it seems this was found by someone trying out the rce exploit, not understanding how it worked and lucked themselves into the new different exploit
who was paid to do this
Does this mean Mojang will perform a retroactive update of all prior versions though? 
Cat is kinda cute when he gets pinged though. 😙
I wonder if Mojang will only update 1.18.1, blindly push a log4j version bump to all old versions, or actually do some CLI or config changes to mitigate this
I'm kind of worried the answer is #2 😛
I've been way too out of touch with Minecraft as a whole for too long. Given where I left off: I'd be worried they'd do nothing lmao
Probably silently add the jvm flag
There are people who are called security researchers who look for this kind of stuff for a living
Some of them your company contracts to try to break your stuff, others break your stuff then tell you how they did it in exchange for money
Is there a cve yet?
Yea, fun issue which is further endured by the fact that nobody really understands how to configure l4j properly
Or they try to sue and gag you while doing nothing. Yay!
The CLI flag only works for like MC 1.13+ iirc
:/
You need a new enough log4j2 for that CLI flag to exist
how bad is this
This exploit could bring businesses and companies to its knees
yea, but the l4j config
How?
You can change the log4j2 config to mitigate the problem too
That'll probably be enough on clients, I doubt anyone there is setting up custom loggers
And Apple's website
As a player not server owner am i at risk?
Yikes, let's not please
From what I understand they can basically use the log to execute commands remotely
Is there any way to know ?
something like that
If you don’t play big server or anarchy you should be fine
i was trying to look into what version of Log4J gets bundled with paper just by looking at the pom.xml of the jar files, it says 2.8.1 even in like 1.15.2
and then Log4J's source code says the CLI flag was added in 2.10.0-SNAPSHOT
This does impact clients, as we've just been discussing
it's weird
I play hypixel...
Wait wait wait. Can we take down the Apple website with this? 😏
Is it patched on 2b2t
Wow it’s kinda interesting to see what technology is powered by java x)
isnt 2b2t down rn?
What you can’t see can’t hurt you, I like your thinking
It got back up
3 Billion Devices Run Java!
Yesterday
ty xD
hello papermc'ians
What if you hide your computer? 
hello bad veg table
WHY AM I BAD
Oh no, it's a victim
Paper is a fun time rn
i am nothing but nice to you cat .
Hi Broc!!!
Because you're broccoli!
hello brocc did you know there is a bug
hello owen
Ew 🤢
Broccoli is good….
i wonder if it's fixed yet
yes i did
well, yea, but, i don't like you and I'm done with humans today
why dont you like me
Don’t blame you……. (On the latter)
u smel
Broccoli is better with sharp cheddar
can someone explain the specifics of this issue in detail cause i got no idea what to trust
the issue is servers tho
discord does not allow exploit discussion on their platform
actually nvm
nor are we going to spill all the beans on an active issue
Pin in paper help
i’m not asking for how it works just like what’s going on lol
All the info we can provide is pinned in the #paper-help channel
you just did ask that
Can we spill the beans on the book-issue where people could throw in their own java-strings?
for the client they already have a log4j config that they can probs just patch
Is that declassified?
burn
i showered less than two hours ago "sir"
❤️🔥
@marsh fractal the pin is almost useless. There is an exploit that uses log4j to gain access to the server
I bet u dried your bits before you dried ur face
i did
Wow!
face last
Who doesn't
How does that work ?
but because im NORMAL i have a different towel for my face
The smell is how you assert your dominance
@waxen panther 
Hi michael!!
who’s at risk for it
@tame frigate think of it as a man-in-the-middle attack

Do you wipe down your body with your hands before you wipe yourself down with a towel though? Hmmmmm?
that aspect, pretty much nobody
the remote execution thing appears to be irrelevant for most
Yea
and then I pee in the shower
how so everyone’s making such a big deal
Ahh, this explains a lot here….
whats the vulnerability?
All the info we can provide is pinned in the #paper-help channel
Lol I liked the first spelling more
yeah lol that’s what i’m trying to do
Is the exploit vulnerable against 1.12.2 and if it is, is it going to be patched?
Anyway I’ve been sitting here for 5 minutes trying to figure out what’s the broccolai way to spell cauliflower
I’m stumped
Well discussing exploits isn’t allowed either
Oh god, I have this amazing trick for cooking spinach
@marsh fractal because a lot of servers are outdated for one reason or another that requires older versions of java
So, what you do is, you get a flying pan, place lefs
General is not the place for questions
General is the place for crazy theories about why the universe is planning to doom us with its plastic hammer of gelatinous metal.
and then pour in some olive oil
And I wasn’t referring to ur convo in the first place
The trick is that the olive oil helps bind stuff and it makes it easier to scrape into the bin
The person quite literally above the message.
Too much olive oil makes the spinach greasy tho right






