TheCurle

Log4J CVE Advisory

The Problem

Log4J has a feature called Java Naming and Directory Interface (shortened to JNDI in this document), which allows a Java program to reach out to an external source to gather data.
If you put a section of text containing ${jndi:query} into the log, the Log4J library will try to resolve the query.
This can be combined with the Lightweight Directory Access Protocol (LDAP) to connect to a remote server.

However, because JNDI is built for retrieving data, and JNDI is a Java program, if you put a JNDI query using LDAP into a log, it will connect to the given site, download a file, and then execute it.
This is called Remote Code Execution.

skyrising

Mojang Meta URLs

Piston Meta

Minecraft Java Edition Versions

• version_manifest
• version_manifest_v2

Dungeons

• dungeons/windows-x64

gigaherz

So... You have updated to latest forge and harvestTool, harvestLevel, ToolType, ... are all gone. AAA PANIC!

Here's how to fix it:

Blocks

First, Remove the harvestTool and harvestLevel calls from the block properties.

Then, add the blocks to the relevant tags. You can use datagen, or make the jsons yourself. Datagen is more future-proof.

alcatrazEscapee

Update

You can now read this document / article, at https://alcatrazescapee.com/rivers/. It will be updated further there. The original content is still here, below

---

Why Are Rivers So Complicated?

Let's narrow that down a bit. This document will try to explain some of the difficulties, limitations, and possible ways to generate rivers in Minecraft. There have been many papers, articles, and other medium which have generated realistic rivers to great success. So what makes Minecraft so much more difficult, or what makes these other methodologies so difficult? And what methods have found success?

rbrick

package main

import (
	"bytes"
	"context"
	"crypto/tls"
	"encoding/json"
	"fmt"
	"golang.org/x/oauth2"
	"golang.org/x/oauth2/microsoft"

Darkere

1. Download VisualVM https://visualvm.github.io/download.html
2. Make sure you have a JDK installed. https://adoptopenjdk.net/?variant=openjdk8&jvmVariant=hotspot 2.5 When installing make sure to set the JAVA_HOME option to avoid problems. (that is JDK not JRE, if you do not develop java applications you probably don't have it)
3. Make sure your game is in the state you want to analyze.
4. Run VisualVM.
5. Select the process of your game on the left. (for forge this is usually cpw.mods.modlauncher) See image below
6. Go to the Sampler tab
7. Wait for the button become valid and click CPU
8. VisualVM now samples every thread in your game. Pay special attention to:

Drullkus

import com.mojang.datafixers.util.Function3;
import com.mojang.serialization.Codec;
import com.mojang.serialization.codecs.RecordCodecBuilder;
import net.minecraft.block.BlockState;

import java.util.List;

public class CodecExample {
    public static final Codec<CodecExample> CODEC = RecordCodecBuilder.create(
            instance -> instance.group(

ByteLaw5

Yes, this is all registered
Yes, this is all added to the biomes
No, the create method does not work

JoJoDeveloping

import javax.imageio.ImageIO;
import java.awt.*;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.IOException;

public class ImageCombiner {

    public static void main(String[] args) throws IOException {
        if(args.length < 2){

LexManos

So about 1.13. As we have been stating since the public release of 1.13,
the Forge update is a time we are taking to re-write everything from the
ground up. Not just Forge, but the entire toolchain, launcher, installer,
and core of Forge is being rewritten. Every line of code is being inspected,
and re-validated. This whole process takes a while. To give you (the reader)
an idea of what has been done so far:

ForgeGradle has been rewritten to support modern gradle versions, with better tools
to be expandable and used for more than just setting up a Minecraft/Forge
dependency project. It's also much cleaner and organized this time around