Doesn't seem like there's much information on this one yet, but preemptively filing a tracker. Fix is in 2.17.0.
Elastic products unaffected here, too: https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476