If you’re running a legacy version of Minecraft: Java Edition, you may be exposed to security vulnerability within Log4j, a common Java logging library, that affects Minecraft: Java Editions 1.7 to 1.17.
The latest versions do not contain this exploit, so we recommend you Download Minecraft & Server Software and update to the latest version of Minecraft for security.
Hosting a legacy version of Minecraft safely
If you’re hosting a legacy Minecraft: Java Edition server and decide not to update, follow these steps to secure your version.
- 1.18: Upgrade to 1.18.1. Otherwise, use the same approach as for 1.17.x below.
-
1.17: Add these JVM arguments to your startup command line:
-Dlog4j2.formatMsgNoLookups=true -
1.12-1.16.5: Download this XML file to the working directory where your server runs. Then add these JVM arguments to your startup command line:
-Dlog4j.configurationFile=log4j2_112-116.xml -
1.7-1.11.2: Download this XML file to the working directory where your server runs. Then add these JVM arguments to your startup command line:
-Dlog4j.configurationFile=log4j2_17-111.xml