If you are a Minecraft player, then you should be vigilant right now because there is a security vulnerability that is affecting the Java Edition of the game. Not long ago the developers of the game came across an exploit within Log4j, which is a common Java logging library. From what we have come to understand, this particular exploit is capable of affecting many services, and they include the Minecraft: Java Edition.
Here’s the thing, this vulnerability poses a huge risk to your computer where it could become compromised. Now, this exploit has already been fixed by the developer with newer versions of Minecraft, however, the developers recommend taking the following steps to ensure your game and servers are secure.
Minecraft Java Edition Security vulnerability
Those who are hosting their own Minecraft: Java Edition server need to understand a few things if they want to have things secured.
The following is what Mojang the developer recommends:
- 1.18: Upgrade to 1.18.1, if possible. If not, use the same approach as for 1.17.x:
- 1.17: Add the following JVM arguments to your startup command line:
-Dlog4j2.formatMsgNoLookups=true - 1.12-1.16.5: Download this file to the working directory where your server runs. Then add the following JVM arguments to your startup command line:
-Dlog4j.configurationFile=log4j2_112-116.xml - 1.7-1.11.2: Download this file to the working directory where your server runs. Then add the following JVM arguments to your startup command line:
-Dlog4j.configurationFile=log4j2_17-111.xml - Versions below 1.7 are not affected
Modified third-party launchers and clients are at risk
OK, so Minecraft clients that are modified along with third-party launchers might not update themselves automatically. In a situation like this, you are required to follow any instructions released by the third-party provider.
If these providers have not stated they’ve patched the vulnerability, then always assume it has not been fixed before playing the game.
The official Minecraft game client
For everyone who plays Minecraft: Java Edition but is not hosting their own servers, Mojang wants you to close all running instances of your game and the launcher. From there, boot the launcher and it should automatically download and install the patched version.
