Long post about the Minecraft vulnerability
I've seen some less than stellar reporting on this, so OK: Minecraft has an RCE vulnerability. If an attacker gets a certain string of text into your Minecraft log (e.g. with a line of chat), they can make Minecraft's logger connect to an external server and deserialise an object, which in principle could be a chain of objects which causes a command to run, which would give them access to your computer. Under Java 8 this is more straightforward to exploit; on later versions it's more difficult. You can prevent it being exploitable at all by passing the argument -Dlog4j2.formatMsgNoLookups=true to java when you run Minecraft (if you're using a launcher, arguments should be configurable). You can test whether this change was effective by putting ${jndi:ldap://127.0.0.1:1389/a} in your Minecraft chat. If it's vulnerable, you'll see an error message in the console as Log4J attempts and fails to connect to the nonexistent resource on your own computer. If it's not vulnerable, all you'll see is the chat line.
This issue affects servers too. If you're running a server, you can pass this argument to java and it'll mitigate the risk server-side, but you should also consider acquiring and using a plugin which will filter out lines containing the objectionable material (I'd suggest filtering for "{$indi:"), and preventing them from being distributed to other players via commands or messages.
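A sketch of the filtering idea from the post above, as an added example that is not part of the original post or any existing plugin. The class name ChatLookupFilter and its methods are hypothetical, the chat lines are constructed, and the match uses the ${jndi: prefix as it appears in the post's test string; the relay decision uses a stricter rule that rejects any line containing "${".

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

// Added example, not from the original post. ChatLookupFilter is a hypothetical
// name; a real server plugin would call isSafe() from its chat and command
// handlers before the text is logged or relayed to other players.
public class ChatLookupFilter {

    // Strict rule (assumption): reject any line containing the "${" lookup
    // opener, which also covers the ${jndi: prefix from the post's test string.
    static boolean containsLookup(String line) {
        return line != null && line.contains("${");
    }

    // Narrow rule: match only the jndi lookup prefix, ignoring case.
    // Used here to label the reason, not to make the relay decision.
    static boolean containsJndiLookup(String line) {
        return line != null
            && line.toLowerCase(Locale.ROOT).contains("${jndi:");
    }

    static boolean isSafe(String line) {
        return !containsLookup(line);
    }

    public static void main(String[] args) {
        // Constructed sample chat lines; the second is the post's test string.
        List<String> chat = Arrays.asList(
            "hello everyone",
            "${jndi:ldap://127.0.0.1:1389/a}",
            "${JNDI:ldap://127.0.0.1:1389/a}",
            "selling diamonds for $5 {cheap}");
        for (String line : chat) {
            String verdict = isSafe(line) ? "RELAY" : "DROP";
            String reason = containsJndiLookup(line) ? " (jndi lookup)" : "";
            // Report only the verdict and the length. In a plugin, never pass
            // a dropped line to the logger: that would hand the same text
            // straight back to Log4j.
            System.out.println(verdict + " len=" + line.length() + reason);
        }
    }
}
```

The filter is a second layer next to the -Dlog4j2.formatMsgNoLookups=true argument, not a replacement for it, since it only covers text that passes through the handlers that call it.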
@mguy3790 @graf @MischievousTomato Just right click and save