An exploit has been patched in the Java version of Minecraft in which Microsoft prompts users to update their software.
According to Microsoft, the exploit is an unfortunate side effect of a popular Java logging library – Log4j. The real problem isn’t the most important thing though, as the development team has already released a fix for it. It is important that users apply this update because “this vulnerability creates a potential risk that your computer could be compromised.”
Here’s how to patch the exploit and secure both your device and server.
Fortunately, traditional / vanilla players only need to restart the application to apply the update. After opening it again, the game should download and install the update automatically.
Those who run their own servers, or use a modified launcher or a third party vendor to launch the game, have their own unique steps that we will outline below. Each version of Minecraft has its own set of instructions and so we’ve given each one a different heading.
Users running VR. 1.18
These users should try to upgrade to version 1.18.1 as soon as possible. If you cannot upgrade to 1.18.1, see the instructions in 1.17 below.
Users running VR. 1.17
Users must add the following JVM argument to their startup command line:
Users running VR. 1.16.5 to 1.12
First, users need to download a file from the official Minecraft website into the “working directory in which your server is running.” Then you can add the following JVM argument to your start line:
Users running VR. 1.11.2 to 1.7
First, users need to download a file from the official Minecraft website into the “working directory in which your server is running.” Then you can add the following JVM argument to your start line:
Versions after 1.7 are not subject to any weaknesses and can be left alone. More information can be found in the article published on the official Minecraft website.
