重要官方公告：Java 版中的安全漏洞

Important Message: Security vulnerability in Java Edition

重要消息：Java 版中的安全漏洞

Follow these steps to secure your game

根据以下步骤保护你的游戏

Hello everyone! Earlier today, we identified a vulnerability in the form of an exploit within Log4j – a common Java logging library. This exploit affects many services – including Minecraft Java Edition.

各位好！今日早些时候，我们识别到在 Log4j——一个常用的 Java 日志库中存在重大安全漏洞。此漏洞波及到了许多服务——包括 Minecraft Java 版。

This vulnerability poses a potential risk of your computer being compromised, and while this exploit has been addressed with all versions of the game client patched, you still need to take the following steps to secure your game and your servers.

此漏洞使你的电脑有机会被损害。我们已经发布紧急更新，在所有受影响的游戏版本中封堵了此漏洞，你仍然需要通过以下几步来保护你的游戏和服务器。

What you need to do

你需要做什么

Official game client

官方游戏客户端

If you play Minecraft: Java Edition, but aren’t hosting your own server, you will need to take the following steps: Close all running instances of the game and the Minecraft Launcher. Start the Launcher again – the patched version will download automatically.

若你游玩 Minecraft：Java 版，但没有自己的服务器，你需要进行以下步骤：关闭所有正在运行的游戏实例和官方启动器。然后重启启动器，已修复的版本会自动下载。

Modified clients and third-party launchers

Mod 客户端和第三方启动器

Modified clients and third-party launchers might not be automatically updated. In these cases, we recommend following the advice of your third-party provider. If the third-party provider has not patched the vulnerability, or has not stated it is safe to play, you should assume the vulnerability is not fixed and you are at risk by playing.

Mod 客户端和第三方启动器可能没有实施修补。因此，我们建议你遵循你的第三方提供商的意见。如果第三方提供商尚未修补此漏洞，或仍未声明游戏可以安全游玩，你应该假设漏洞还没有被修复，游玩游戏存在很大风险。

Game Server

服务端

If you’re hosting your own Minecraft: Java Edition server, you'll need to take different steps depending on which version you’re using, in order to secure it.

如果你有自己的 Java 版服务器，你需要根据你的游戏版本进行不同的步骤，以保护你的电脑。

1.18: Upgrade to 1.18.1, if possible. If not, use the same approach as for 1.17.x:

1.18：升级到 1.18.1。如果这不可能，按照 1.17 的方法进行修补

1.17: Add the following JVM arguments to your startup command line:

-Dlog4j2.formatMsgNoLookups=true

1.17：在你的启动脚本中加入如下 JVM 参数：

-Dlog4j2.formatMsgNoLookups=true

1.12-1.16.5: Download this file to the working directory where your server runs. Then add the following JVM arguments to your startup command line:

-Dlog4j.configurationFile=log4j2_112-116.xml

1.12-1.16.5：下载 此文件 到你的服务器的工作路径。然后在你的启动脚本中加入如下 JVM 参数：

-Dlog4j.configurationFile=log4j2_112-116.xml

1.7-1.11.2: Download this file to the working directory where your server runs. Then add the following JVM arguments to yourstartup command line:

-Dlog4j.configurationFile=log4j2_17-111.xml

1.7-1.11.2：下载 此文件 到你的服务器的工作路径。然后在你的启动脚本中加入如下 JVM 参数：

-Dlog4j.configurationFile=log4j2_17-111.xml

Versions below 1.7 are not affected

1.7 以下的版本不受影响

We’ll post any additional information on our social media channels, so keep an eye out! Thank you!

若有任何更多消息，我们将会在社交媒体上发布，同时我们也会在 MCBBS 幻翼块讯板块持续跟进官方消息，请务必持续关注！感谢您的理解和配合！