Merging latest from master

#1054

Dockerfile

@@ -1,4 +1,4 @@
-FROM adoptopenjdk:11-jdk
+FROM eclipse-temurin:17-jdk
 
 LABEL org.opencontainers.image.authors="Geoff Bourne <itzgeoff@gmail.com>"
 
@@ -26,7 +26,7 @@ RUN apt-get update \
 RUN addgroup --gid 1000 minecraft \
   && adduser --system --shell /bin/false --uid 1000 --ingroup minecraft --home /data minecraft
 
-COPY files/sudoers* /etc/sudoers.d
+COPY --chmod=644 files/sudoers* /etc/sudoers.d
 
 EXPOSE 25565 25575
 
@@ -78,15 +78,14 @@ ENV UID=1000 GID=1000 \
   ENABLE_AUTOPAUSE=false AUTOPAUSE_TIMEOUT_EST=3600 AUTOPAUSE_TIMEOUT_KN=120 AUTOPAUSE_TIMEOUT_INIT=600 \
   AUTOPAUSE_PERIOD=10 AUTOPAUSE_KNOCK_INTERFACE=eth0
 
-COPY scripts/start* /
-COPY bin/ /usr/local/bin/
-COPY bin/mc-health /health.sh
-COPY files/server.properties /tmp/server.properties
-COPY files/log4j2.xml /tmp/log4j2.xml
-COPY files/autopause /autopause
+COPY --chmod=755 scripts/start* /
+COPY --chmod=755 bin/ /usr/local/bin/
+COPY --chmod=755 bin/mc-health /health.sh
+COPY --chmod=644 files/server.properties /tmp/server.properties
+COPY --chmod=644 files/log4j2.xml /tmp/log4j2.xml
+COPY --chmod=755 files/autopause /autopause
 
-RUN dos2unix /start* && chmod +x /start* \
-    && dos2unix /autopause/* && chmod +x /autopause/*.sh
+RUN dos2unix /start* /autopause/*
 
 ENTRYPOINT [ "/start" ]
 HEALTHCHECK --start-period=1m CMD mc-health

README.md

@@ -275,7 +275,7 @@ When using the image `itzg:/minecraft-server` without a tag, the `latest` image
 
 | Tag name       | Java version | Linux  | JVM Type | Architecture      |
 | -------------- | -------------|--------|----------|-------------------|
-| latest         | 17           | Debian | Hotspot  | amd64,arm64,armv7 |
+| latest         | 16           | Debian | Hotspot  | amd64,arm64,armv7 |
 | java8          | 8            | Alpine | Hotspot  | amd64             |
 | java8-multiarch | 8           | Debian | Hotspot  | amd64,arm64,armv7 |
 | java8-openj9   | 8            | Debian | OpenJ9   | amd64             |

docker-versions-create.sh

@@ -147,7 +147,7 @@ if [[ $tag ]]; then
           "generate_release_notes": true
         }
 EOF
-      if ! echo curl "${auth[@]}" -H "Accept: application/vnd.github.v3+json" \
+      if ! curl "${auth[@]}" -H "Accept: application/vnd.github.v3+json" \
         "${base}/repos/${owner}/${repo}/releases" -d "$releaseBody"; then
           echo "ERROR failed to create github release $tag"
           exit 1

scripts/start-configuration

@@ -115,12 +115,14 @@ case "${TYPE^^}" in
   ;;
 
   FORGE)
+    if versionLessThan 1.17; then
     log "**********************************************************************"
     log "WARNING: The image tag itzg/minecraft-server:java8 is recommended"
     log "         since some mods require Java 8"
     log "         Exception traces reporting ClassCastException: class jdk.internal.loader.ClassLoaders\$AppClassLoader"
     log "         can be fixed with java8"
     log "**********************************************************************"
+    fi
     exec ${SCRIPTS:-/}start-deployForge "$@"
   ;;
 

scripts/start-finalExec

@@ -107,7 +107,36 @@ if [ -n "$ICON" ]; then
     fi
 fi
 
+canUseRollingLogs=true
+
+patchLog4jConfig() {
+  file=${1?}
+  url=${2?}
+  if ! get -o "$file" "$url"; then
+    log "ERROR: failed to download corrected log4j config"
+    exit 1
+  fi
+  JVM_OPTS="-Dlog4j.configurationFile=${file} ${JVM_OPTS}"
+  canUseRollingLogs=false
+}
+
+# Patch Log4j remote code execution vulnerability
+# See https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition
+if versionLessThan 1.7; then
+  : # No patch required here.
+elif isFamily VANILLA && versionLessThan 1.12; then
+  patchLog4jConfig log4j2_17-111.xml https://launcher.mojang.com/v1/objects/dd2b723346a8dcd48e7f4d245f6bf09e98db9696/log4j2_17-111.xml
+elif isFamily VANILLA && versionLessThan 1.17; then
+  patchLog4jConfig log4j2_112-116.xml https://launcher.mojang.com/v1/objects/02937d122c86ce73319ef9975b58896fc1b491d1/log4j2_112-116.xml
+elif versionLessThan 1.18.1; then
+  JVM_OPTS="-Dlog4j2.formatMsgNoLookups=true ${JVM_OPTS}"
+fi
+
 if isTrue ${ENABLE_ROLLING_LOGS:-false}; then
+  if ! ${canUseRollingLogs}; then
+    log "ERROR: Using rolling logs is currently not possible in the selected version due to CVE-2021-44228"
+    exit 1
+  fi
   # Set up log configuration
   LOGFILE="/data/log4j2.xml"
   if [ ! -e "$LOGFILE" ]; then
@@ -150,28 +179,6 @@ if [ -n "$JVM_DD_OPTS" ]; then
       done
 fi
 
-patchLog4jConfig() {
-  file=${1?}
-  url=${2?}
-  if ! get -o "$file" "$url"; then
-    log "ERROR: failed to download corrected log4j config"
-    exit 1
-  fi
-  JVM_OPTS="-Dlog4j.configurationFile=${file} ${JVM_OPTS}"
-}
-
-# Patch Log4j remote code execution vulnerability
-# See https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition
-if versionLessThan 1.7; then
-  : # No patch required here.
-elif isFamily VANILLA && versionLessThan 1.12; then
-  patchLog4jConfig log4j2_17-111.xml https://launcher.mojang.com/v1/objects/dd2b723346a8dcd48e7f4d245f6bf09e98db9696/log4j2_17-111.xml
-elif isFamily VANILLA && versionLessThan 1.17; then
-  patchLog4jConfig log4j2_112-116.xml https://launcher.mojang.com/v1/objects/02937d122c86ce73319ef9975b58896fc1b491d1/log4j2_112-116.xml
-elif versionLessThan 1.18.1; then
-  JVM_OPTS="-Dlog4j2.formatMsgNoLookups=true ${JVM_OPTS}"
-fi
-
 if isTrue ${ENABLE_JMX}; then
   : ${JMX_PORT:=7091}
   JVM_OPTS="${JVM_OPTS}