Top Games

How to Apply the Minecraft Java Security Update

An exploit has been patched in the Java version of Minecraft that has Microsoft urging users to update their software.
An exploit has been patched in the Java version of Minecraft that has Microsoft urging users to update their software. / Microsoft

An exploit has been patched in the Java version of Minecraft that has Microsoft urging users to update their software.

According to Microsoft, the exploit is an unfortunate side effect of a common Java logging library—Log4j. The actual issue isn't the important bit, however, as the development team has already issued a fix for it. It is critical that users apply this update as "this vulnerability poses a potential risk of your computer being compromised."

Here's how to patch the exploit and secure both your device and your server.

How to Apply the Minecraft Java Security Update

Fortunately, all traditional/vanilla players need to do to apply the update is simply restart the application. Once reopened, the game should automatically download and install the update.

Those who run their own servers or use a modified/third-party launcher to start the game have their own unique set of steps, which we've outlined below. Each version of Minecraft has its own instruction and, as such, we've given each its own heading.

Users Running Vr. 1.18

These users should attempt to upgrade to version 1.18.1 as soon as possible. If they cannot upgrade to 1.18.1, please refer to instructions in 1.17, below.

Users Running Vr. 1.17

Users need to add the following JVM argument to their startup command line: 

  • Dlog4j2.formatMsgNoLookups=true

Users Running Vr. 1.16.5 to 1.12

First, users need to download a file from the official Minecraft website to the "working directory where your server runs." Then, they can add the following JVM argument to their startup line:

  • Dlog4j.configurationFile=log4j2_112-116.xml

Users Running Vr. 1.11.2 to 1.7

First, users need to download a file from the official Minecraft website to the "working directory where your server runs." Then, they can add the following JVM argument to their startup line:

  • Dlog4j.configurationFile=log4j2_17-111.xml

Versions beyond 1.7 are not subject to vulnerability and can be left alone. More information can be found in the article published on the official Minecraft website.