Minecraft: Java Edition 1.18.1 patch update arrives with fix for security vulnerability and more

Minecraft Caves and Cliffs Update Image (Image credit: Mojang Studios)

What you need to know

Mojang Studios has been working on a new patch update for Minecraft: Java Edition players.
The studio recently found a critical security vulnerability that affects Minecraft: Java Edition.
Minecraft: Java Edition 1.18.1 is now rolling out with its usual fix and a patch for the security flaw.
All players should download this patch as soon as possible, while game server hosts may need to take extra steps.

Minecraft is never done, with Mojang Studios constantly working behind-the-scenes on improvements and additions. On Friday, the team released the Minecraft: Java Edition 1.18.1 patch update to all players, which includes a handful of fixes and tweaks to improve the experience. However, Mojang also recently found a critical security vulnerability in Minecraft: Java Edition, which is resolved by this patch update. All Minecraft players, and especially game server hosts, are strongly encouraged to download this patch as soon as possible. You can find more information on the security vulnerability below.

This patch update is the first for Minecraft: Java Edition after the release of 1.18 Caves and Cliffs Update Part Two, the second and final part of the Caves and Cliffs Update. Aside from the security patch, this release focuses on handful of bugs, including a reduction of fog in the distance and a fix for render distance being shorter than it should be.

Minecraft is one of the greatest games ever made, and holds on to its title as one of the best PC games by continually evolving with new features and content. The Wild Update, releasing sometime during 2022, will update Minecraft's Overworld with new mobs, blocks, and more.

In case you missed it, here are all the changes and additions in 1.18 Caves and Cliffs Update Part Two.

Here's what you need to know about the security vulnerability in Minecraft: Java Edition:

Mojang Studios reportedly discovered a security vulnerability that could potentially comprise the computers playing it. Apparently, the exploit was discovered within Log4j, a commonly used logging library that can affect various servers in addition to Minecraft: Java Edition. The 1.18.1 patch update resolves this security flaw, but the steps needed to install it differ for some people

Minecraft: Java Edition players

Regular Minecraft: Java Edition players only need to install the 1.18.1 patch update, which should automatically download and install whenever the game and Minecraft Launcher are both closed out and fully restarted

Third-party clients and servers

Players enjoying their time in third-party clients or servers in Minecraft: Java Edition will need to follow the advice and discretion of the third-party client or server if it's not automatically updated. If a third-party client or server has stated the patch has not been installed and the vulnerability still exists, avoid playing there for the time being

Game server hosts

Players hosting their own game servers in Minecraft: Java Edition still need to install the 1.18.1 patch update to protect their server, but may have to take additional steps to patch the vulnerability fully
- Players should attempt to update to 1.18.1 from 1.18 if possible
- If unable to download the patch update to 1.18 or playing on any version of 1.17, add the following JVM argument to your startup command line: -Dlog4j2.formatMsgNoLookups=true
- If playing on any version from 1.12 to 1.16.5, download this file and add the following JVM argument to your startup command line: -Dlog4j.configurationFile=log4j2_112-116.xml
- If playing on any version from 1.7 to 1.11.2, download this file and add the following JVM argument to your startup command line: -Dlog4j.configurationFile=log4j2_17-111.xml
- Older versions of Minecraft are not affected by the security vulnerability

The full changelog for Minecraft: Java Edition 1.18.1 patch update includes:

Technical changes

Fixed an issue that would cause players on low-bandwidth connections to get timeout errors when connecting to a server
World fog now starts further away from the player, to make distant terrain more visible
Instead of applying fog as a spherical volume it is now applied as a cylindrical volume

Fixed bugs

Actual render distance is two chunks lower than render distance setting
Beacon's power reverts back to previous one on world reload
Bees inside of bee hives / nests sometimes despawn when the world is reloaded
"Observer activating without any updates nearby, caused by /clone"
Chunk render distance on servers seems shorter than in 1.17.1
Random nonfatal exceptions in console: Failed to store chunk ConcurrentModificationException

A catalog of games

Xbox Game Pass Ultimate

All your gaming needs, in one subscription.

Is the Xbox Game Pass Ultimate the best value in all of gaming? It's possible. Ultimate bundles your Xbox Live Gold subscription, an Xbox Game Pass subscription for both Xbox consoles and Windows PCs, and Xbox Cloud Gaming for on-the-go. That means access to hundreds of games, with more added all the time, for a single monthly subscription cost.

Zachary Boddy (They / Them) is a Staff Writer for Windows Central, primarily focused on covering the latest news in tech and gaming, the best Xbox and PC games, and the most interesting Windows and Xbox hardware. They have been gaming and writing for most of their life starting with the original Xbox, and started out as a freelancer for Windows Central and its sister sites in 2019. Now a full-fledged Staff Writer, Zachary has expanded from only writing about all things Minecraft to covering practically everything on which Windows Central is an expert, especially when it comes to Microsoft. You can find Zachary on Twitter @BoddyZachary.