Skip to main content

Minecraft: Java Edition 1.18.1 patch update arrives with fix for security vulnerability and more

Minecraft Caves and Cliffs Update Image
Minecraft Caves and Cliffs Update Image (Image credit: Mojang Studios)

What you need to know

  • Mojang Studios has been working on a new patch update for Minecraft: Java Edition players.
  • The studio recently found a critical security vulnerability that affects Minecraft: Java Edition.
  • Minecraft: Java Edition 1.18.1 is now rolling out with its usual fix and a patch for the security flaw.
  • All players should download this patch as soon as possible, while game server hosts may need to take extra steps.

Minecraft is never done, with Mojang Studios constantly working behind-the-scenes on improvements and additions. On Friday, the team released the Minecraft: Java Edition 1.18.1 patch update to all players, which includes a handful of fixes and tweaks to improve the experience. However, Mojang also recently found a critical security vulnerability in Minecraft: Java Edition, which is resolved by this patch update. All Minecraft players, and especially game server hosts, are strongly encouraged to download this patch as soon as possible. You can find more information on the security vulnerability below.

This patch update is the first for Minecraft: Java Edition after the release of 1.18 Caves and Cliffs Update Part Two, the second and final part of the Caves and Cliffs Update. Aside from the security patch, this release focuses on handful of bugs, including a reduction of fog in the distance and a fix for render distance being shorter than it should be.

Minecraft is one of the greatest games ever made, and holds on to its title as one of the best PC games by continually evolving with new features and content. The Wild Update, releasing sometime during 2022, will update Minecraft's Overworld with new mobs, blocks, and more.

In case you missed it, here are all the changes and additions in 1.18 Caves and Cliffs Update Part Two.

Here's what you need to know about the security vulnerability in Minecraft: Java Edition:

Mojang Studios reportedly discovered a security vulnerability that could potentially comprise the computers playing it. Apparently, the exploit was discovered within Log4j, a commonly used logging library that can affect various servers in addition to Minecraft: Java Edition. The 1.18.1 patch update resolves this security flaw, but the steps needed to install it differ for some people

Minecraft: Java Edition players

  • Regular Minecraft: Java Edition players only need to install the 1.18.1 patch update, which should automatically download and install whenever the game and Minecraft Launcher are both closed out and fully restarted

Third-party clients and servers

  • Players enjoying their time in third-party clients or servers in Minecraft: Java Edition will need to follow the advice and discretion of the third-party client or server if it's not automatically updated. If a third-party client or server has stated the patch has not been installed and the vulnerability still exists, avoid playing there for the time being

Game server hosts

  • Players hosting their own game servers in Minecraft: Java Edition still need to install the 1.18.1 patch update to protect their server, but may have to take additional steps to patch the vulnerability fully
    • Players should attempt to update to 1.18.1 from 1.18 if possible
    • If unable to download the patch update to 1.18 or playing on any version of 1.17, add the following JVM argument to your startup command line: -Dlog4j2.formatMsgNoLookups=true
    • If playing on any version from 1.12 to 1.16.5, download this file and add the following JVM argument to your startup command line: -Dlog4j.configurationFile=log4j2_112-116.xml
    • If playing on any version from 1.7 to 1.11.2, download this file and add the following JVM argument to your startup command line: -Dlog4j.configurationFile=log4j2_17-111.xml
    • Older versions of Minecraft are not affected by the security vulnerability

The full changelog for Minecraft: Java Edition 1.18.1 patch update includes:

Technical changes

  • Fixed an issue that would cause players on low-bandwidth connections to get timeout errors when connecting to a server
  • World fog now starts further away from the player, to make distant terrain more visible
  • Instead of applying fog as a spherical volume it is now applied as a cylindrical volume

Fixed bugs

  • Actual render distance is two chunks lower than render distance setting
  • Beacon's power reverts back to previous one on world reload
  • Bees inside of bee hives / nests sometimes despawn when the world is reloaded
  • "Observer activating without any updates nearby, caused by /clone"
  • Chunk render distance on servers seems shorter than in 1.17.1
  • Random nonfatal exceptions in console: Failed to store chunk ConcurrentModificationException
Zachary Boddy
News Writer, Minecraft Expert

Zachary Boddy is the Minecraft Expert and a News Writer for Windows Central, Android Central, and iMore. They have been gaming and writing for most of their life, and have been freelancing for Windows Central and its sister sites since 2019, with a focus on Xbox and PC gaming. You can find Zachary on Twitter @BoddyZachary.