diff --git a/HMCL/src/main/java/org/jackhuang/hmcl/game/LauncherHelper.java b/HMCL/src/main/java/org/jackhuang/hmcl/game/LauncherHelper.java
index fe96a4f49..f39c21568 100644
--- a/HMCL/src/main/java/org/jackhuang/hmcl/game/LauncherHelper.java
+++ b/HMCL/src/main/java/org/jackhuang/hmcl/game/LauncherHelper.java
@@ -72,11 +72,6 @@ import static org.jackhuang.hmcl.util.i18n.I18n.i18n;
 
 public final class LauncherHelper {
 
-    private static final Set<String> UNSAFE_CLIENT_1_7_XML_SHA1 =
-            Collections.unmodifiableSet(new HashSet<>(Collections.singletonList("6605d632a2399010c0085d3e4da58974d62ccdfe")));
-    private static final Set<String> UNSAFE_CLIENT_1_12_XML_SHA1 =
-            Collections.unmodifiableSet(new HashSet<>(Collections.singletonList("ef4f57b922df243d0cef096efe808c72db042149")));
-
     private final Profile profile;
     private final Account account;
     private final String selectedVersion;
@@ -523,31 +518,12 @@ public final class LauncherHelper {
                                 VersionNumber.VERSION_COMPARATOR.compare("1.14.4-28.2.2", it.getVersion()) <= 0);
                 boolean hasOptiFine = version.getLibraries().stream().anyMatch(it -> it.is("optifine", "OptiFine"));
                 if (hasForge28_2_2 && hasOptiFine && gameVersion.compareTo(VersionNumber.asVersion("1.14.4")) == 0) {
-                    Controllers.confirm(i18n("launch.advice.forge28_2_2_optifine"), i18n("message.error"), continueAction, null);
+                    Controllers.confirm(i18n("launch.advice.forge28_2_2_optifine"), i18n("message.error"), continueAction, breakAction);
                     suggested = true;
                 }
             }
 
-            // CVE-2021-44228 Remote code injection in Log4j
-            if (gameVersion.compareTo(VersionNumber.asVersion("1.7")) >= 0 && gameVersion.compareTo(VersionNumber.asVersion("1.18")) <= 0) {
-                String xmlSha1 = Optional.ofNullable(version.getLogging().get(DownloadType.CLIENT))
-                        .flatMap(loggingInfo -> Optional.of(loggingInfo.getFile()))
-                        .flatMap(idDownloadInfo -> Optional.ofNullable(idDownloadInfo.getSha1()))
-                        .orElse("");
-                if (gameVersion.compareTo(VersionNumber.asVersion("1.12")) < 0) {
-                    if (UNSAFE_CLIENT_1_7_XML_SHA1.contains(xmlSha1)) {
-                        Controllers.confirm(i18n("launch.advice.log4j_cve_2021_44228"), i18n("message.warning"), continueAction, breakAction);
-                        suggested = true;
-                    }
-                } else {
-                    if (UNSAFE_CLIENT_1_12_XML_SHA1.contains(xmlSha1)) {
-                        Controllers.confirm(i18n("launch.advice.log4j_cve_2021_44228"), i18n("message.warning"), continueAction, breakAction);
-                        suggested = true;
-                    }
-                }
-            }
-
-            if (!suggested) {
+            if (!future.isDone()) {
                 future.complete(javaVersion);
             }
 
diff --git a/HMCLCore/src/main/java/org/jackhuang/hmcl/launch/DefaultLauncher.java b/HMCLCore/src/main/java/org/jackhuang/hmcl/launch/DefaultLauncher.java
index a24ee34af..dfab20e42 100644
--- a/HMCLCore/src/main/java/org/jackhuang/hmcl/launch/DefaultLauncher.java
+++ b/HMCLCore/src/main/java/org/jackhuang/hmcl/launch/DefaultLauncher.java
@@ -31,12 +31,14 @@ import org.jackhuang.hmcl.util.Log4jLevel;
 import org.jackhuang.hmcl.util.StringUtils;
 import org.jackhuang.hmcl.util.gson.UUIDTypeAdapter;
 import org.jackhuang.hmcl.util.io.FileUtils;
+import org.jackhuang.hmcl.util.io.IOUtils;
 import org.jackhuang.hmcl.util.io.Unzipper;
 import org.jackhuang.hmcl.util.platform.CommandBuilder;
 import org.jackhuang.hmcl.util.platform.JavaVersion;
 import org.jackhuang.hmcl.util.platform.ManagedProcess;
 import org.jackhuang.hmcl.util.platform.OperatingSystem;
 import org.jackhuang.hmcl.util.platform.Bits;
+import org.jackhuang.hmcl.util.versioning.VersionNumber;
 
 import java.io.*;
 import java.net.InetSocketAddress;
@@ -186,6 +188,10 @@ public class DefaultLauncher extends Launcher {
             res.addDefault("-Dcom.sun.jndi.cosnaming.object.trustURLCodebase=", "false");
         }
 
+        if (isUsingLog4j()) {
+            res.addDefault("-Dlog4j.configurationFile=", getLog4jConfigurationFile().getAbsolutePath());
+        }
+
         Proxy proxy = options.getProxy();
         if (proxy != null && StringUtils.isBlank(options.getProxyUser()) && StringUtils.isBlank(options.getProxyPass())) {
             InetSocketAddress address = (InetSocketAddress) options.getProxy().address();
@@ -339,6 +345,29 @@ public class DefaultLauncher extends Launcher {
         }
     }
 
+    private boolean isUsingLog4j() {
+        return VersionNumber.VERSION_COMPARATOR.compare(repository.getGameVersion(version).orElse("Unknown"), "1.7") >= 0;
+    }
+
+    public File getLog4jConfigurationFile() {
+        return new File(repository.getVersionRoot(version.getId()), "log4j2.xml");
+    }
+
+    public void extractLog4jConfigurationFile() throws IOException {
+        File targetFile = getLog4jConfigurationFile();
+        InputStream source;
+        if (VersionNumber.VERSION_COMPARATOR.compare(repository.getGameVersion(version).orElse("Unknown"), "1.12") < 0) {
+            source = DefaultLauncher.class.getResourceAsStream("/assets/game/log4j2-1.7.xml");
+        } else {
+            source = DefaultLauncher.class.getResourceAsStream("/assets/game/log4j2-1.12.xml");
+        }
+
+        try (InputStream input = source;
+             OutputStream output = new FileOutputStream(targetFile)) {
+            IOUtils.copyTo(input, output);
+        }
+    }
+
     protected Map<String, String> getConfigurations() {
         return mapOf(
                 // defined by Minecraft official launcher
@@ -406,6 +435,10 @@ public class DefaultLauncher extends Launcher {
             decompressNatives(nativeFolder);
         }
 
+        if (isUsingLog4j()) {
+            extractLog4jConfigurationFile();
+        }
+
         File runDirectory = repository.getRunDirectory(version.getId());
 
         if (StringUtils.isNotBlank(options.getPreLaunchCommand())) {
@@ -481,6 +514,10 @@ public class DefaultLauncher extends Launcher {
             decompressNatives(nativeFolder);
         }
 
+        if (isUsingLog4j()) {
+            extractLog4jConfigurationFile();
+        }
+
         String scriptExtension = FileUtils.getExtension(scriptFile);
         boolean usePowerShell = "ps1".equals(scriptExtension);
 
diff --git a/HMCLCore/src/main/resources/assets/game/log4j2-1.12.xml b/HMCLCore/src/main/resources/assets/game/log4j2-1.12.xml
new file mode 100644
index 000000000..569223572
--- /dev/null
+++ b/HMCLCore/src/main/resources/assets/game/log4j2-1.12.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration status="WARN">
+    <Appenders>
+        <Console name="SysOut" target="SYSTEM_OUT">
+            <PatternLayout pattern="[%d{HH:mm:ss}] [%t/%level]: %msg{nolookups}%n" />
+        </Console>
+        <Queue name="ServerGuiConsole">
+            <PatternLayout pattern="[%d{HH:mm:ss} %level]: %msg{nolookups}%n" />
+        </Queue>
+        <RollingRandomAccessFile name="File" fileName="logs/latest.log" filePattern="logs/%d{yyyy-MM-dd}-%i.log.gz">
+            <PatternLayout pattern="[%d{HH:mm:ss}] [%t/%level]: %msg{nolookups}%n" />
+            <Policies>
+                <TimeBasedTriggeringPolicy />
+                <OnStartupTriggeringPolicy />
+            </Policies>
+        </RollingRandomAccessFile>
+    </Appenders>
+    <Loggers>
+        <Root level="info">
+            <filters>
+                <MarkerFilter marker="NETWORK_PACKETS" onMatch="DENY" onMismatch="NEUTRAL" />
+            </filters>
+            <AppenderRef ref="SysOut"/>
+            <AppenderRef ref="File"/>
+            <AppenderRef ref="ServerGuiConsole"/>
+        </Root>
+    </Loggers>
+</Configuration>
diff --git a/HMCLCore/src/main/resources/assets/game/log4j2-1.7.xml b/HMCLCore/src/main/resources/assets/game/log4j2-1.7.xml
new file mode 100644
index 000000000..7bb10beba
--- /dev/null
+++ b/HMCLCore/src/main/resources/assets/game/log4j2-1.7.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration status="WARN">
+    <Appenders>
+        <Console name="SysOut" target="SYSTEM_OUT">
+            <PatternLayout pattern="[%d{HH:mm:ss}] [%t/%level]: %msg%n" />
+        </Console>
+        <Queue name="ServerGuiConsole">
+            <PatternLayout pattern="[%d{HH:mm:ss} %level]: %msg%n" />
+        </Queue>
+        <RollingRandomAccessFile name="File" fileName="logs/latest.log" filePattern="logs/%d{yyyy-MM-dd}-%i.log.gz">
+            <PatternLayout pattern="[%d{HH:mm:ss}] [%t/%level]: %msg%n" />
+            <Policies>
+                <TimeBasedTriggeringPolicy />
+                <OnStartupTriggeringPolicy />
+            </Policies>
+        </RollingRandomAccessFile>
+    </Appenders>
+    <Loggers>
+        <Root level="info">
+            <filters>
+                <MarkerFilter marker="NETWORK_PACKETS" onMatch="DENY" onMismatch="NEUTRAL" />
+                <RegexFilter regex=".*\$\{[^}]*\}.*" onMatch="DENY" onMismatch="NEUTRAL"/>
+            </filters>
+            <AppenderRef ref="SysOut"/>
+            <AppenderRef ref="File"/>
+            <AppenderRef ref="ServerGuiConsole"/>
+        </Root>
+    </Loggers>
+</Configuration>