Java Security Issue Affects Minecraft Servers
7-Jan-2023
The staff at Minecraft's Mojang Studios and those at third-party servers like PaperMC and Forge have been tireless in implementing patches to fix the problem. Players are advised to close all Minecraft instances and to update to the most recent patch as soon as possible. This issue does not affect online multiplayer or modded Minecraft. Anyone who plays vanilla Minecraft should not be concerned. Continue reading to learn everything we know about the security issue.
What's the Java security problem?
Although not much information has been made available about the knock-on effects, we know that the breach is affecting Minecraft modpacks and multiplayer servers. This means hackers could be able access other systems via the chat system in these multiplayer games.
Am I affected?
This won't affect casual Minecraft players. Vanilla worlds (i.e., not modded) will be fine. This issue will not affect single-player worlds that are vanilla (i.e., not modded). To access the latest Minecraft version, you will need to restart the launcher.
If you are a server administrator, part of a multiplayer server or play in any modded Minecraft worlds single- or multi-player, you need to close all Minecraft instances that you have open. You will be given further instructions. If you are playing on an older version Minecraft server, make sure to keep an eye out for Mojang updates and information from your server provider.
This issue doesn't affect console players at any time.
What should you do if you are affected?
We are now releasing Minecraft 1.8.1. This fixes a critical multiplayer security problem, tweaks world visibility, and fixes other bugs.
There is no reason to worry, provided you follow the instructions given by Mojang, Forge, and Paper. Also, keep an eye on your server's updates. Don't play multiplayer Minecraft while you wait.
Mojang's Slicedlime announced that a second Release Candidate was applied overnight to fix the issue. More recently, 1.18.1 has been released which includes the security fix. To ensure you have the latest Minecraft Launcher version, close it if it is open. Double-check that you only open worlds in the latest 1.18.1 version. Keep reading to learn how to do this.
This fix is only applicable to the current 1.18 Minecraft version at the moment. It is recommended that you do not play on older versions or modded ones for the time being, unless you have been given permission by the Mojang, mod team, or server team (for older versions) of Vanilla Minecraft.
PaperMC and Forge regularly update their servers. You can check the Twitter accounts of aurora_smiles_ and voxcpw (Forge), if you use these servers to see which versions have been updated. They are still working on these fixes as of this writing.
Forge 1.18 - 38.0.17 is now available and contains the fix. It is available for download at your earliest convenience. Forge 1.16.2 – 36.2.20 It is in the works. Versions 1.17, 1.15 and 1.12 will be available once Jenkins catches up. We test them.
How to play Minecraft 1.18.1
It's best to ensure that you are playing Minecraft in Minecraft 1.18.1 for the moment. This has been rolled out earlier to address the security issue. This doesn't apply to older Minecraft versions or worlds that use Minecraft mod packs.
Before you hit the Play button to load Minecraft into the launcher, make sure you check the bottom right corner of your screen. A dropdown box will appear that shows either "Latest Release" (or "Latest Snapshot") respectively. You should ensure you are playing the latest release: 1.18.1 as per the below image.
This Minecraft security issue shouldn't stop you from exploring the amazing new views that Caves and Cliffs has brought to you. There are some truly breathtaking views to be found in 1.18.1 worlds. If you are concerned, you can simply keep your single-player world intact and continue your survival or creative adventures as usual.