mojira.dev

Rebecca Reed

Assigned

No issues.

Reported

MCPE-54407: Lava not becoming cobblestone (Incomplete)

BDS-1094: Additional IPv4 and IPv6 port opening upon starting server (Fixed)

Comments

As was identified in the original posting, ports 19132 and 19133 are expected. The problem is, after specifying a new port for IPv4, a new, unspecified and random port was opened for IPv6 on (for me) 64114. This port is not the same port that opens every time, but is chosen at random and can be used as a means to backdoor an unwitting server owner and infiltrate the hosting system. This issue either needs to be addressed by Mojang as intentional or fixed, in order to prevent server hosts from malicious attacks due to poor coding.

I would agree with you, except that on the original issue (listed above), the concern was it creating/choosing a random port to open. I have both the configurations that were specified as well as the result when running BDS. The bug would be a security flaw, when it opens a port (regardless of TCP or UDP) for the express intent to allow traffic. Additionally, the port is chosen at random when you start BDS, thus making it difficult to prevent. This is a security bug and should be patched, to ensure no user inadvertently exposes their networks to unwanted incoming traffic.

TL;DR: The bug is a security risk, by requesting the computer to communicate through a port not specified or directed by the server owner.