Sat Nov 5. 2022
Update, December 10, 2021 at 2:13 Eastern Time – Mojang released Minecraft 1.18.1 in an effort to fix a security flaw in Minecraft servers that was caused by Log4J.
“Hello everyone! “Hello everyone! We discovered a vulnerability within Log4j, a Java logging library.” Read an article on Minecraft's website. This exploit affects many services, including Minecraft Java Edition.
This vulnerability could lead to your computer being compromised. While all versions of the game client have been patched for this exploit, you should still follow the steps below to protect your game and servers.
To update their game, most players simply need to restart the client. Server owners will need either to update their server as usual, or to add a JVM argument on the server's start command line. Modified servers will need to download a file, and then add a new JVM argument to their startup command line. Versions below 1.7 are not affected.
Today's article on Minecraft has all the details you need to keep yourself safe in Minecraft multiplayer.
Apache Log4J 2 has a security flaw that could allow remote code execution and affect Minecraft multiplayer servers.
These last months have been quite good for Minecraft. The surprise reveal of a Disney team-up and the release Caves and Cliffs Part 2 gave us a hint about the next mob. It's Minecraft's turn to be a bit of bad news. A critical security flaw has been discovered in the software Minecraft uses for its multiplayer services.
An Apache Log4J 2 security flaw has been found, which is a logging and tracking API used with Apache servers. Minecraft is among the games that use this software to log their multiplayer servers.
“Basically, because the logging library doesn't clean up inputs properly people could literally type a message on chat on a server which would then be log by other peoples' clients and be used for bad purposes (remote code execution/injection maybe?). “,” reads a post on the /r/Hypixel forum. I don't have the details, but this seems to be a very serious issue.
There are many unknowns. It is possible that someone could remotely execute code on your Minecraft computer from a multiplayer server. This Apache Log 4J 2 exploit has only been disclosed today. There have not been any real-world examples of it.
Given the popularity of Apache and Minecraft, it is best to avoid multiplayer for the next few days until the issue is resolved. This issue should not affect single-player. You can buy Minecraft on your PC, consoles, or mobile devices through its official website.