User Tools

Site Tools


news:cve_says_what

What's a CVE, Anyway

and why did it just break my pickax?

10 Dec 2021

Our version of Minecraft is affected by CVE-2021-44228. A “CVE” is what happens when programmers make bad decisions… like permitting a logging framework to resolve URLs, connect to servers, download content, and then to execute that content as instructions.

theparadox.us has many defenses against intrusion. While there is no evidence that the server was actually compromised, we will carefully sanitize our high-contact surfaces to ensure that nothing nasty can remain. Expect a day or two of downtime as we get this sorted out.

It is unclear if Mojang will release any further patches to Minecraft 1.16. It is also unclear if any of the existing mitigations actually make the old code safe. We may be required to update to Minecraft 1.18.

22 Dec 2021: Service Restored!

Just in time for the holidays, all services are now operational. Better late than never, right? Security patches have allowed us to remain on Minecraft 1.16 for now, and everything should be right where you left it.

If you can't remember where that is, that's your own problem.

Play on… but first, learn how to protect yourself from the compuvirus.

news/cve_says_what.txt · Last modified: 2021/12/23 00:25 by ch1b1