The developers at Mojang recently discovered a sizable Log4j exploit in Minecraft: Java Edition that put users at an increased risk of having their computer being compromised by outside sources. This has since been patched out, but users will need to follow one of several steps to ensure their version of the game and computer are secure.
Specifically, when using the official Minecraft: Java Edition launcher, you will need to close all instances of the game running on your computer and restart the launcher. This should result in your client downloading the new patch automatically.
This method only works with the official launcher, however. Any third-party launchers or modified clients might be unable to update automatically and if those platforms don’t actively note that they have processed the update across the board, Mojang warns fans that they should “ assume the vulnerability is not fixed and you are at risk by playing.”
Mojang has also listed specific steps to update your client if you host your own Minecraft: Java Edition server based on which version of the game you are using, which you can view on the official Minecraft website—along with other support documents. One thing to note is any versions below 1.7 are not affected by this issue.
Now that this issue has been isolated and patched out, Mojang will continue to update users if any other major exploits are discovered that require immediate updates to ensure security.