Having been released over 9 years ago, Minecraft 1.7.10 is no longer officially supported, which means it is up to the users to mitigate security vulnerabilities.
I cannot guarantee this list is complete or accurate, this is just a compilation of what I have learned.
Date discovered: 2021-12-10
This is a list of Minecraft 1.7.10 mods that are not focused on adding new original content. Instead, they make the base game run better, or port over features from other versions of vanilla.
These lists try to comprehensively list all the available options. You will not want to use all of the listed mods at once.
Some of the listed mods require a Mixin bootstrap mod in order to work. See the Mixin mods section near the end of the document for information about that.
Log4J has a feature called Java Naming and Directory Interface (shortened to JNDI in this document), which allows a Java program to reach out to an external source to gather data.
If you put a section of text containing ${jndi:query} into the log, the Log4J library will try to resolve the query.
This can be combined with the Lightweight Directory Access Protocol (LDAP) to connect to a remote server.
However, because JNDI is built for retrieving data, and JNDI is a Java program, if you put a JNDI query using LDAP into a log, it will connect to the given site, download a file, and then execute it.
This is called Remote Code Execution.
| // Without MixinGradle | |
| // Add below contents to the end of your build.gradle | |
| configurations { | |
| library | |
| implementation.extendsFrom library | |
| } | |
| repositories { | |
| maven { url = "https://repo.spongepowered.org/repository/maven-public/" } | |
| } | |
| dependencies { |
