Yet another critical Java vulnerability. Is MapTool affected?

Thoughts, Help, Feature Requests, Bug Reports, Developing code for...

Moderators: dorpond, trevor, Azhrei

Forum rules
PLEASE don't post images of your entire desktop, attach entire campaign files when only a single file is needed, or generally act in some other anti-social behavior. :)
Post Reply
Glitch(TMG)
Cave Troll
Posts: 43
Joined: Wed Oct 27, 2010 11:42 am

Yet another critical Java vulnerability. Is MapTool affected?

Post by Glitch(TMG) »

https://www.lunasec.io/docs/blog/log4j-zero-day/

Image
We humans just suck at computers.


So, since I searched and couldn't find a public topic on this already, I figured there should probably be one to bring this to attention, just in case the RPTools devs don't already know and just in case it does affect MapTool.

taustinoc
Dragon
Posts: 516
Joined: Mon Aug 03, 2015 6:30 pm

Re: Yet another critical Java vulnerability. Is MapTool affected?

Post by taustinoc »

There was an updated version released a day or two ago with the patch.

Glitch(TMG)
Cave Troll
Posts: 43
Joined: Wed Oct 27, 2010 11:42 am

Re: Yet another critical Java vulnerability. Is MapTool affected?

Post by Glitch(TMG) »

taustinoc wrote:
Tue Dec 14, 2021 2:43 pm
There was an updated version released a day or two ago with the patch.
Huh, really? The most recent update for MapTool though is 1.11.2 released on December 4th, and doesn't say anything about this exploit...and this Java vulnerability wasn't discovered/announced until the 9th (or so I heard?) anyway...

User avatar
Full Bleed
Demigod
Posts: 4736
Joined: Sun Feb 25, 2007 11:53 am
Location: FL

Re: Yet another critical Java vulnerability. Is MapTool affected?

Post by Full Bleed »

Glitch(TMG) wrote:
Fri Dec 17, 2021 4:02 pm
The most recent update for MapTool though is 1.11.2 released on December 4th, and doesn't say anything about this exploit...and this Java vulnerability wasn't discovered/announced until the 9th (or so I heard?) anyway...
You're a couple releases behind...

https://github.com/RPTools/maptool/releases
Maptool is the Millennium Falcon of VTT's -- "She may not look like much, but she's got it where it counts."

taustinoc
Dragon
Posts: 516
Joined: Mon Aug 03, 2015 6:30 pm

Re: Yet another critical Java vulnerability. Is MapTool affected?

Post by taustinoc »

Current version is 1.11.4. Unless you've turned off notices, Maptool itself should tell you there's a new version when you start it up.

Glitch(TMG)
Cave Troll
Posts: 43
Joined: Wed Oct 27, 2010 11:42 am

Re: Yet another critical Java vulnerability. Is MapTool affected?

Post by Glitch(TMG) »

Oh. Yeah, I'm just looking at the rptools.net home page, the last notice there is -still- the December 4th one. And yeah, in-MT notices are off, because for the last ten years that my entire extended social group has been using MapTool, since well before even I think the official 1.0 release, it's been such a massive flippin' pain in the donkey to coordinate MapTool updates for everyone in the entire social group across multiple concurrent games with some overlapping players all at the same time, so we never do unless we are absolutely forced to. For instance, everyone in our entire extended social group, across multiple games, is still using 1.8.3, since the last critical vulnerability bullcrap.

So the update for this Java vulnerability HAS been addressed, but it's not on the rptools front page. That is...irritating and inconvenient.

taustinoc
Dragon
Posts: 516
Joined: Mon Aug 03, 2015 6:30 pm

Re: Yet another critical Java vulnerability. Is MapTool affected?

Post by taustinoc »

The reminder to update it is filtering its way from the ones who know about it to the ones who have access to change it.

Such are the challenges of relatively small, open source projects.

Post Reply

Return to “MapTool”