Update: Community Security Advisory posted here: Urgent Security Advisory 2021-12-11 (re Apache Log4j 2)
(To keep things in one place please use that thread for questions or public discussion.)
Special kudos to you @achachiez; even though we were already investigating this your action in raising this was great.