A really bad exploit has been found on all Minecraft servers! Update your Spigot / Paper / other server software now! (Your clients too!)
How bad is it? It lets people run code remotely through chat messages. This is as bad as it gets.
Why is everyone affected? Minecraft uses Log4J which has a serious vulnerability. More here: https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-from-new-code-execution-bug/
A recently found exploit is already being abused. Depending on your server version this exploit is severe.
We have released a fix for Paper 1.17, Paper 1.18, Waterfall, and Velocity. Please update your servers ASAP.
Paper 1.16.5 #792 or higher: https://papermc.io/legacy
Paper 1.17 #399 or higher: https://papermc.io/downloads#Paper-1.17
Paper 1.18 #66 or higher: https://papermc.io/downloads#Paper-1.18
Waterfall #468 or higher: https://papermc.io/downloads#Waterfall
Velocity 3.1.1 #98 or higher: https://papermc.io/downloads#Velocity
Note: If you are updating Spigot, use BuildTools. If you download a random unofficial distribution, there's a 90% chance that you are not fixing this issue. If you can't figure out how to use BuildTools, use PaperMC instead, it has an easier download method.
Friday, December 10, 2021