The developer released an official statement on Twitter that while the issue has been resolved, Minecraft players need to take the necessary steps to better secure the game client as well as the servers.
How to secure the Minecraft game client?
If players aren’t hosting their servers, instead are playing Minecraft: Java Edition, the following steps need to be taken to secure the game client. All Java edition players need to shut down the game as well as the Minecraft Launcher before restarting it. The patch will then automatically download before players can jump back into the game.
Player safety is the top priority for us. Unfortunately, earlier today we identified a security vulnerability in Minecraft: Java Edition.— Minecraft (@Minecraft) December 10, 2021
The issue is patched, but please follow these steps to secure your game client and/or servers. Please RT to amplify.https://t.co/4Ji8nsvpHf
How to secure modded clients and third-party launchers?
While the Minecraft Launcher may automatically update, the same can’t be said for modded and third-party clients. Players will need to refer to their provider for any news and updates on what steps to take.
If the providers have yet to update their client or launcher or have yet to confirm whether their services are safe to use again, players will be at risk using their services. As such, they should not use them until the vulnerability has been resolved.
How to secure the Minecraft game servers?
Those who host their Minecraft servers will undertake different steps to ensure that their servers are safe to play on and prevent other players from being at risk to the vulnerability.
The steps detailed below need to be followed to ensure that players can safely protect their PC and servers from this malicious exploit which version of Minecraft: Java Edition they’re running.
- v1.18: Players will need to upgrade this version to 1.18.1 if available. If players can’t upgrade, they will need to refer to the steps for v1.17 to secure their servers and their PC.
- v1.17: Players will need to input the following JVM arguments in the startup command: -Dlog4j2.formatMsgNoLookups=true
- v1.12-v1.16.5: Players need to install this file to the directory from which the server runs. Next, input these JVM arguments in the startup command: -Dlog4j.configurationFile=log4j2_112-116.xml
- v1.7-v1.11.2: Similar to the steps outlined for v1.12-v1.16.5, a file needs to be installed to the directory before inputting these JVM arguments in the startup command: -Dlog4j.configurationFile=log4j2_17-111.xml
Developers have revealed that Java edition players with versions below 1.7 aren’t affected by this exploit. However, they will provide players with more updates on this ongoing issue once more information is readily available. Therefore, we will update this article with the latest developments and updates on this Minecraft security exploit.
Don’t forget to check out our dedicated Minecraft section for the latest news, updates, guides, leaks and more.
Featured image courtesy of Mojang.