Skip to content

Instantly share code, notes, and snippets.

@makamys
makamys / 1.7.10-security-vulnerabilities.md
Last active August 4, 2024 00:54
1.7.10 Security Vulnerabilities

1.7.10 Security Vulnerabilities

Having been released over 9 years ago, Minecraft 1.7.10 is no longer officially supported, which means it is up to the users to mitigate security vulnerabilities.

I cannot guarantee this list is complete or accurate, this is just a compilation of what I have learned.

Log4J CVE-2021-44228 ("Log4Shell")

Date discovered: 2021-12-10

@makamys
makamys / 1.7.10-essentials.md
Last active November 18, 2024 10:04
List of "Essential" 1.7.10 Mods

List of "Essential" 1.7.10 Mods

This is a list of Minecraft 1.7.10 mods that are not focused on adding new original content. Instead, they make the base game run better, or port over features from other versions of vanilla.

These lists try to comprehensively list all the available options. You will not want to use all of the listed mods at once.

Some of the listed mods require a Mixin bootstrap mod in order to work. See the Mixin mods section near the end of the document for information about that.

Table of Contents

Log4J CVE Advisory

The Problem

Log4J has a feature called Java Naming and Directory Interface (shortened to JNDI in this document), which allows a Java program to reach out to an external source to gather data.
If you put a section of text containing ${jndi:query} into the log, the Log4J library will try to resolve the query.
This can be combined with the Lightweight Directory Access Protocol (LDAP) to connect to a remote server.

However, because JNDI is built for retrieving data, and JNDI is a Java program, if you put a JNDI query using LDAP into a log, it will connect to the given site, download a file, and then execute it.
This is called Remote Code Execution.

@ZekerZhayard
ZekerZhayard / 1.build.gradle
Last active February 14, 2022 19:20
build.gradle with Mixin for ForgeGradle 5+
// Without MixinGradle
// Add below contents to the end of your build.gradle
configurations {
library
implementation.extendsFrom library
}
repositories {
maven { url = "https://repo.spongepowered.org/repository/maven-public/" }
}
dependencies {