13 October, 2022
This vulnerability could lead to your computer being compromised. A patch has been released to the game client to address the issue, but you should still take the following steps in order to protect your game and servers.
If you are playing Minecraft: Java Edition but don't have your own server, the following steps will be required: Close all instances of Minecraft and close the Minecraft Launcher. Start the Launcher once more – the patched version of Minecraft will automatically download.
Third-party launchers and clients that have been modified might not get an automatic update. We recommend that you follow the advice of your third party provider in these situations. If your third-party provider does not have a solution or declare it safe to play, then you can assume that the vulnerability is not fixed.
You will need to follow different steps if you host your Minecraft: Java Edition server.Depending on the version, you may need to lock it.
-Dlog4j2.formatMsgNoLookups=true
-Dlog4j.configurationFile=log4j2_112-116.xml
-Dlog4j.configurationFile=log4j2_17-111.xml
As more information becomes available, this post will be updated.