Please follow https://cisa.gov/uscert/apache-log4j-vulnerability-guidance.