How to remedy Log4j RCE zero-day exploit vulnerability?

To fix Log4Shell exploit, set formatMsgNoLookups to true.

Set it with a JVM argument:


Or with an environment variable:


This will work only on Log4j versions >= 2.10 and <= 2.14.1.

If you are running an older version, then upgrade to 2.15.0 immediately.

Read more here.