They only had to hand off the string to the log4j logger, not parse it. If they parsed it and bombed, then they short circuited the vulnerability.
I think using commands will be helpful although many sources prefer installing apache updates I use this guide : Fixing Log4J in Minecraft Hosting: Foolproof Ways to Secure your Game Server | Cloudzy and temporary my problem fixed . I hope it dosent return
Useful link for those who run servers!