# log4j-vulnerability-patcher-agent

This agent fixes critical vulnerability [CVE-2021-44228]( in log4j by patching `JndiLookup` class, as recommended [here](

**WARNING: this is not a substitute for proper upgrade to log4j 2.15.0**, where this vulnerability was fixed for good. Use this agent **IF, and ONLY IF, you can't upgrade log4j in your app**.

Agent can run on JRE 8 and higher, in any application (including Minecraft clients and servers).

This will completely disable `JNDI` in log4j. If you need this functionality, do not use this agent.

## How to use

1. Download agent JAR or build it yourself
2. Add command line argument `-javaagent:/path/to/agent/log4j-vulnerability-patcher-agent.jar` to the start command of your app

Example command line:

java -javaagent:/home/user/log4j-vulnerability-patcher-agent.jar -Xmx1G spigot.jar

If everything is OK, on start agent will output `[Log4jVulnerabilityPatcherAgent] JndiLookup was patched, vulnerability fixed!`.

## Build

You will need JDK 8, Maven and Git.

git clone
cd log4j-vulnerability-patcher-agent
mvn clean package