To fix
Log4Shell exploit, set formatMsgNoLookups to true.Set it with a JVM argument:
-Dlog4j2.formatMsgNoLookups=true
Or with an environment variable:
LOG4J_FORMAT_MSG_NO_LOOKUPS=true
This will work only on Log4j versions >= 2.10 and <= 2.14.1.
If you are running an older version, then upgrade to 2.15.0 immediately.
Read more here.