There is a new version of Log4j available since December 27th, and it supposedly fixes the possible exploit in 2.17.0. Do you have any plans to update to that version?
The security software I use, flags version 2.17.0 as compromised.
https://logging.apache.org/log4j/2.x/security.html