No. The maintainers silently fixed the JNDI issue in v11 without public disclosure. Only v10 was affected. However, if you are still on v10, you must patch.
find . -name "*.jar" -exec grep -l "AddonV10" {} \; Also check Maven/Gradle dependencies: java addon v10 patched
mvn dependency:tree | grep "java-addon-v10" Do not use random mirrors. Only download from the official Patchwork Labs repository (verify the SHA-256): However, if you are still on v10, you must patch
Many teams have reported success by decompiling the old Java Addon v10, extracting only the UI classes they need, and recompiling them without the vulnerable networking code. However, this may violate the addon’s license (LGPL with additional restrictions). Q: Does upgrading to Java 21 or 23 fix the vulnerability without patching? No. The vulnerability is within the addon’s code, not the JVM. Even the latest JDK versions are vulnerable if you run unpatched Java Addon v10. Only download from the official Patchwork Labs repository
In the sprawling ecosystem of legacy software, game modifications, and enterprise debugging tools, few phrases trigger as much discussion as "Java Addon v10 patched." For the past several months, this term has been trending across GitHub issue trackers, Minecraft server forums, legacy ERP support communities, and reverse engineering subreddits.
It depends. If the plugin uses the addon only for UI or math utilities, yes. If it uses RemoteCallback or NetworkBridge , it will break. Check the plugin’s documentation for "Supports Addon v10 patched."