X

THANK YOU!

Post has been reported succesfully.

Security Vulnerability in Minecraft: Java Edition

This article only applies to Minecraft: Java Edition. 

We have identified a vulnerability in the form of an exploit within Log4j – a common Java logging library. This exploit affects many services – including Minecraft: Java Edition.
This vulnerability poses a potential risk of your computer being compromised, and while this
exploit has been addressed thanks to a recent patch to the game client, you still need to take the following steps to secure your game and your servers.

What you need to do:

Official Game Client

If you play Minecraft: Java Edition, but aren’t hosting your own server, you will need to take the following steps: Close all running instances of the game and the Minecraft Launcher. Start the Launcher again – the patched version will download automatically.

Modified Clients and Third-party Launchers

Modified clients and third-party launchers might not be automatically updated. In these cases, we recommend following the advice of your third-party provider. If the third-party provider has not patched the vulnerability, or has not stated it is safe to play, you should assume the
vulnerability is not fixed and you are at risk by playing.

Game Server

If you’re hosting your own Minecraft: Java Edition server, you'll need to take different steps
depending on which version you’re using, in order to secure it.

  • 1.18: Upgrade to 1.18.1, if possible. If not, use the same approach as for 1.17.x:
  • 1.17: Add the following JVM arguments to your startup command line:

               -Dlog4j2.formatMsgNoLookups=true

  • 1.12-1.16.5: Download this file to the working directory where your server runs. Then add the following JVM arguments to your startup command line:

               -Dlog4j.configurationFile=log4j2_112-116.xml

  • 1.7-1.11.2: Download this file to the working directory where your server runs. Then add the following JVM arguments to your startup command line:

               -Dlog4j.configurationFile=log4j2_17-111.xml

  • Versions below 1.7 are not affected.

This post will be updated with any additional information as it becomes available.

Last Updated - 2022-01-28 01:43:12 UTC

Was this article helpful?