IT House December 13 news, the recent Log4j vulnerability must be known to everyone, on the evening of November 9, the open source project Apache Log4j 2 a remote code execution vulnerability exploitation details were made public, and then the vulnerability was quickly exposed.
Minecraft for Java became one of the most compromised games, a vulnerability that allowed malicious parties to remotely execute code on Minecraft's servers by pasting messages into an in-game chat box. Mojang has released an urgent update that requires players to update to the latest version as soon as possible.
IT House understands that in addition to updating the client, Mojang says there are still some steps needed:
If you're playing Minecraft for Java but don't host your own server, you'll need to follow these steps:
Close all running instances of the game and Minecraft Launcher. Launch the launcher again - the patch version will be downloaded automatically.
Modified clients and third-party launchers may not update automatically. In these cases, Mojang advises players to follow the recommendations of third-party providers. If the third-party vendor does not patch the vulnerability, or does not claim that it is safe to play, you should assume that the vulnerability is not fixed and is risky when playing the game.
If you host your own Minecraft Java Edition server, you'll need to take different steps depending on the version you're using to keep it secure:
1.18: Upgrade to version 1.18.1 if possible. If not, use the same method as 1.17.x.
1.17: Add the following JVM parameters to the startup command line:
1.12-1.16.5: Download this file to the working directory where the server is running. Then add the following JVM parameters to the startup command line:
1.7-1.11.2: Download this file to the working directory where the server is running. Then add the following JVM parameters to the startup command line:
Versions earlier than 1.7 are not affected