and why did it just break my pickax?

10 Dec 2021

Our version of Minecraft is affected by CVE-2021-44228. A “CVE” is what happens when programmers make bad decisions… like permitting a logging framework to resolve URLs, connect to servers, download content, and then to execute that content as instructions.

theparadox.us has many defenses against intrusion. While there is no evidence that the server was actually compromised, we will carefully sanitize our high-contact surfaces to ensure that nothing nasty can remain. Expect a day or two of downtime as we get this sorted out.

It is unclear if Mojang will release any further patches to Minecraft 1.16. It is also unclear if any of the existing mitigations actually make the old code safe. We may be required to update to Minecraft 1.18.