Minecraft: Java Edition / MC-247428

Log4Shell is (still) not fully patched.


    • Type: Bug
    • Resolution: Duplicate
    • None
    • 1.18.1
    • None
    • OS: Windows 10 21H1
      Java Version: Java 17.0.1 (Bundled)
    • Unconfirmed
    • (Unassigned)

      According to https://github.com/advisories/GHSA-7rjr-3q55-vv33, the current workaround for Log4Shell is NOT sufficient.

      Note that previous mitigations involving configuration such as to set the system property log4j2.formatMsgNoLookups to true do NOT mitigate this specific vulnerability.

      This means that Minecraft is (potentially) still exploitable. Further research is needed if it just so happens to not be, but I recommend an upgrade to Log4J 2.17.1 wherever possible.

      (yes, I know this is already reported as MC-245918, but that has been closed as invalid)
      PS: Is the Legacy Launcher affected?

            Assignee: Unassigned
            Reporter: FavoritoHJS
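A defender-side check for the upgrade this report recommends, as an added example that is not part of the original issue or of Mojang's code: it walks a directory for log4j-core jars, reads each version from the jar's Maven metadata (falling back to the file name), and flags anything below 2.17.1. The function names and the sample-jar helper are assumptions made for illustration.

```python
import re
import sys
import zipfile
from pathlib import Path

# Threshold taken from the report's recommendation (Log4j 2.17.1).
MINIMUM = (2, 17, 1)
# Standard Maven metadata entry inside a log4j-core jar.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def parse_version(text):
    """Turn '2.14.1' (or '2.0-beta9') into a comparable tuple of ints."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def jar_version(jar):
    """Read the log4j-core version from jar metadata, else from the file name."""
    try:
        with zipfile.ZipFile(jar) as zf:
            props = zf.read(POM_PROPS).decode("utf-8", "replace")
        m = re.search(r"^version=(.+)$", props, re.M)
        if m:
            return parse_version(m.group(1))
    except (KeyError, zipfile.BadZipFile, OSError):
        pass  # no Maven metadata or unreadable archive: fall back to the name
    m = re.search(r"log4j-core-(\d[\w.\-]*?)\.jar$", Path(jar).name)
    return parse_version(m.group(1)) if m else None

def audit(root, minimum=MINIMUM):
    """Return (path, version, needs_upgrade) for each log4j-core jar under root."""
    results = []
    for jar in sorted(Path(root).rglob("log4j-core*.jar")):
        version = jar_version(jar)
        # A jar whose version cannot be determined is flagged for manual review.
        results.append((str(jar), version, version is None or version < minimum))
    return results

def make_sample_jar(path, version):
    """Constructed test input: a minimal jar carrying only pom.properties."""
    Path(path).parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\nversion={version}\n")

if __name__ == "__main__":
    for path, version, bad in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("UPGRADE" if bad else "ok     ", version, path)
```

The check only finds standalone `log4j-core*.jar` files; copies of the library bundled inside another jar are not inspected.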