If you run, uh, anything in Java that logs things (Java Minecraft? A random webapp? Whatever.) and it's exposed to the internet, you might want to take it down and/or get it patched real fast. The log4j vulnerability can pretty much be sprayed everywhere much like "shellshock", and gives up code execution to an attacker, so widespread scanning / attacks are likely imminent.

Decent writeup at https://www.lunasec.io/docs/blog/log4j-zero-day/ .