Legacy Local Blynk server vulnerability (Log4j2 fix)

Hello all,

Recently was published a 0-day exploit in Java logging library - log4j2 (this library is used by Blynk Local Server). This is the largest fu…p I have seen in Java world :slight_smile:.

So for all local server owners - please update ASAP to the latest server version.

Other possible ways of avoiding the exploits you can find in the above article.

All Blynk servers were already patched with the fix.


Thank You Dmitriy


Thank you for this. However, when I updated to the latest server, it would not run. I am running on a Raspberrry Pi, have Java version: “1.8.0_65” and was running server-0.41.2-java8.jar before. I suspect I need to upgrade something else???

I also want to thank you for Blynk. The legacy version has been very stable and has meshed nicely with Home Assistant running my home automation. Of course, Pete Knight has been very helpful as well.

Mark Strauch

Dmitry, will there be compilation for JAVA8?

Thank you and respect for your effort!
What Java version is needed for this version on the RPI?

@Dmitriy , when i try to start the new version, it gives this error:

pi@rpiw:~ $   java -jar server-0.41.17.jar -dataFolder /home/pi/Blynk      Error: A JNI error has occurred, please check your installation and try again

Exception in thread “main” java.lang.UnsupportedClassVersionError: cc/blynk/server/launcher/ServerLauncher has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:756)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:473)
at java.net.URLClassLoader.access$100(URLClassLoader.java:74)
at java.net.URLClassLoader$1.run(URLClassLoader.java:369)
at java.net.URLClassLoader$1.run(URLClassLoader.java:363)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:362)
at java.lang.ClassLoader.loadClass(ClassLoader.java:418)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:352)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:601)
pi@rpiw:~ $

what could be the problem?


ok,i’ve got it. the uploaded version on the github is compiled for java 11, and on the rpi we use java 8. unfortunately the java 11 is not running on rpi zero w, so there is no way i can use this update :frowning:

Java 8 support for 1.0 server was dropped a few years ago. So we won’t provide a fix for it. I recommend you all find a way to install Java 11 to raspberry pi, there are should exist some JVM, like libertica.

Someone can help me please, what command should I use to install java 11 on a RPI zero v2?

Try this:
sudo apt update
sudo apt install -y openjdk-11-jdk

hey, thanks for the reply. by the time i managed with this command:
sudo apt install default-jdk

the result is this:

pi@pi:~ $ java -version
openjdk version "11.0.14" 2022-01-18
OpenJDK Runtime Environment (build 11.0.14+9-post-Raspbian-1deb11u1)
OpenJDK Server VM (build 11.0.14+9-post-Raspbian-1deb11u1, mixed mode)

so, i guess it is ok.

1 Like