Minecraft is never done, with Mojang Studios constantly working behind-the-scenes on improvements and additions. On Friday, the team released the Minecraft: Java Edition 1.18.1 patch update to all players, which includes a handful of fixes and tweaks to improve the experience. However, Mojang also recently found a critical security vulnerability in Minecraft: Java Edition, which is resolved by this patch update. All Minecraft players, and especially game server hosts, are strongly encouraged to download this patch as soon as possible. You can find more information on the security vulnerability below.
This story is developing…
Here’s what you need to know about the security vulnerability in Minecraft: Java Edition:
Mojang Studios reportedly discovered a security vulnerability that could potentially comprise the computers playing it. Apparently, the exploit was discovered within Log4j, a commonly used logging library that can affect various servers in addition to Minecraft: Java Edition. The 1.18.1 patch update resolves this security flaw, but the steps needed to install it differ for some people
Minecraft: Java Edition players
- Regular Minecraft: Java Edition players only need to install the 1.18.1 patch update, which should automatically download and install whenever the game and Minecraft Launcher are both closed out and fully restarted
Third-party clients and servers
- Players enjoying their time in third-party clients or servers in Minecraft: Java Edition will need to follow the advice and discretion of the third-party client or server if it’s not automatically updated. If a third-party client or server has stated the patch has not been installed and the vulnerability still exists, avoid playing there for the time being
Game server hosts
- Players hosting their own game servers in Minecraft: Java Edition still need to install the 1.18.1 patch update to protect their server, but may have to take additional steps to patch the vulnerability fully
- Players should attempt to update to 1.18.1 from 1.18 if possible
- If unable to download the patch update to 1.18 or playing on any version of 1.17, add the following JVM argument to your startup command line:
- If playing on any version from 1.12 to 1.16.5, download this file and add the following JVM argument to your startup command line:
- If playing on any version from 1.7 to 1.11.2, download this file and add the following JVM argument to your startup command line:
- Older versions of Minecraft are not affected by the security vulnerability
The full changelog for Minecraft: Java Edition 1.18.1 patch update includes:
- Fixed an issue that would cause players on low-bandwidth connections to get timeout errors when connecting to a server
- World fog now starts further away from the player, to make distant terrain more visible
- Instead of applying fog as a spherical volume it is now applied as a cylindrical volume
- Actual render distance is two chunks lower than render distance setting
- Beacon’s power reverts back to previous one on world reload
- Bees inside of bee hives / nests sometimes despawn when the world is reloaded
- “Observer activating without any updates nearby, caused by
- Chunk render distance on servers seems shorter than in 1.17.1
- Random nonfatal exceptions in console: Failed to store chunk
A catalog of games
Xbox Game Pass Ultimate
All your gaming needs, in one subscription.
Is the Xbox Game Pass Ultimate the best value in all of gaming? It’s possible. Ultimate bundles your Xbox Live Gold subscription, an Xbox Game Pass subscription for both Xbox consoles and Windows PCs, and Xbox Cloud Gaming for on-the-go. That means access to hundreds of games, with more added all the time, for a single monthly subscription cost.
We may earn a commission for purchases using our links. Learn more.