Make sure your Spring Boot project doe not depend on a bad version of log4j.
./gradlew dependencyInsight --dependency log4j-core
If the answer is:
No dependencies matching given input were found in configuration ':compileClasspath'
you are safe.
If you got a match with a version between 2.0.0 and 2.15 you must update to the version 2.16