Hello everyone! Earlier today, we identified a vulnerability in the form of an exploit within Log4j – a common Java logging library. This exploit affects many services – including Minecraft Java Edition.  

This vulnerability poses a potential risk of your computer being compromised, and while this exploit has been addressed with all versions of the game client patched, you still need to take the following steps to secure your game and your servers.

What you need to do

Official game client 

If you play Minecraft: Java Edition, but aren’t hosting your own server, you will need to take the following steps: Close all running instances of the game and the Minecraft Launcher. Start the Launcher again – the patched version will download automatically.  

Modified clients and third-party launchers  

Modified clients and third-party launchers might not be automatically updated. In these cases, we recommend following the advice of your third-party provider. If the third-party provider has not patched the vulnerability, or has not stated it is safe to play, you should assume the vulnerability is not fixed and you are at risk by playing.

Game Server 

If you’re hosting your own Minecraft: Java Edition server, you'll need to take different steps depending on which version you’re using, in order to secure it.

• 1.18: Upgrade to 1.18.1, if possible. If not, use the same approach as for 1.17.x:

• 1.17: Add the following JVM arguments to your startup command line: 
  -Dlog4j2.formatMsgNoLookups=true

• 1.12-1.16.5: Download this file to the working directory where your server runs. Then add the following JVM arguments to your startup command line: 
  -Dlog4j.configurationFile=log4j2_112-116.xml

• 1.7-1.11.2: Download this file to the working directory where your server runs. Then add the following JVM arguments to your  startup command line: 
  -Dlog4j.configurationFile=log4j2_17-111.xml

• Versions below 1.7 are not affected

We’ll post any additional information on our social media channels, so keep an eye out! Thank you!