From fd842c4364e4b9a7f09a7dd18bbe8299cf7aba76 Mon Sep 17 00:00:00 2001
From: Andrew Steinborn
Date: Tue, 14 Dec 2021 19:37:37 -0500
Subject: [PATCH] Exclude org/apache/logging/log4j/core/lookup/JndiLookup.class entirely

It's the one sure-fire way to prevent further exploits using JNDI through Log4j.
---
 proxy/build.gradle | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/proxy/build.gradle b/proxy/build.gradle
index fd38a2004..46caa94cd 100644
--- a/proxy/build.gradle
+++ b/proxy/build.gradle
@@ -153,6 +153,9 @@ shadowJar {
 // Exclude Checker Framework annotations
 exclude 'org/checkerframework/checker/**'
+ // Exclude a Log4j class well-known for its use in recent security exploits.
+ exclude 'org/apache/logging/log4j/core/lookup/JndiLookup.class'
+
 relocate 'org.bstats', 'com.velocitypowered.proxy.bstats'
 }
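Review bot: The comment added above the new `exclude` says only that the class is "well-known for its use in recent security exploits", which will not tell a later maintainer why the line exists or whether it may be dropped after a Log4j upgrade. A comment such as `// Strip Log4j's JndiLookup so JNDI lookups in logged strings cannot resolve in the shaded jar; keep this even after upgrading log4j-core (defence in depth).` would record the intent. The exclude is an exact path match, so nothing in the build fails if a later Log4j release moves the class or another jar task packages log4j-core without this rule; a small verification step that opens the shadow jar and fails when that entry is present would catch such a regression. The rule presumably covers only the copy of log4j-core shaded into this jar, not one loaded from elsewhere, and the comment could say so. The `shadowJar` block opens above the hunk, so its other settings are not visible here.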