Don’t miss out on ICTJ's latest news. Subscribe to our newsletter.
Java Addon V10 Patched May 2026
Java is a widely used programming language and computing platform that has enabled the development of a vast array of applications, from simple desktop tools to complex enterprise systems. Its versatility and platform independence have made it a favorite among developers.
Software patching is a common practice where developers release updates to fix bugs, address security vulnerabilities, or enhance the functionality of their software. These patches can be official, released by the software's creators, or unofficial, developed by third-party entities.
In early Q3 2024, a white-hat hacking collective known as NullPointer Breach disclosed CVE-2024-8753 (unofficially dubbed "AddonGate"). The vulnerability existed in the com.addon.v10.remoting.JavaBridge class.
Q: Does upgrading to Java 21 or 23 fix the vulnerability without patching? No. The vulnerability is within the addon’s code, not the JVM. Even the latest JDK versions are vulnerable if you run unpatched Java Addon v10. java addon v10 patched
Q: I’m using Java Addon v11. Am I affected? No. The maintainers silently fixed the JNDI issue in v11 without public disclosure. Only v10 was affected. However, if you are still on v10, you must patch.
Q: Will my Minecraft plugin "SuperCrazyMinigames" still work with the patched version?
It depends. If the plugin uses the addon only for UI or math utilities, yes. If it uses RemoteCallback or NetworkBridge, it will break. Check the plugin’s documentation for "Supports Addon v10 patched."
Q: How can I report a bypass of the patch?
If you find a way to exploit build 284, responsibly disclose to security@patchworklabs[.]io. They offer bounties up to $5,000. Java is a widely used programming language and
After applying, run the built-in verifier:
java -cp java-addon-v10.jar io.java.addon.VerifyPatch
Expected output:
[OK] Deserialization filter active.
[OK] JNI canary check passed.
[OK] Reflection lockdown engaged.
[OK] No Log4j patterns found in environment.
[SUCCESS] Java Addon v10 is fully patched (build 10.4.2_311).
If you see [FAIL] PATCH NOT APPLIED – CRITICAL VULNERABILITIES REMAIN, do not proceed. Expected output:
[OK] Deserialization filter active
Before replacing the .jar file, navigate to your .minecraft/mods or addons folder. Copy the config folder for version 10 to a safe location. Patches sometimes reset your GUI settings.
Verdict: A feature-rich external menu for Minecraft Bedrock that bridges the gap between convenience and "hazard" usage. However, the "Patched" label implies bypassed security or server-side patches, which brings significant stability and security risks.
