As you all know, the Log4J exploit situation has continued to evolve, and our security team has just released the latest recommendations for dealing with the latest know issues.
Read the tech note here: https://helpx.adobe.com/coldfusion/kb/log4j-2-17-0-vulnerability-coldfusion.html
Folks who have already updated their Log4J versions to 2.17.1 are at the recommended level. However, please note that even though Log4J 2.17.0 was found to have a potential attack vector, our security team did not find any exploitable attack vector or mechanism with Adobe ColdFusion. That being said, as a best practice, it is still recommended that you upgrade your version to 2.17.1 as described in the article posted above.