Here is a workaround / temporary mitigation I'm using from another thread which utilizes a Dockerfile - Zero-day-exploit in log4j2 which is part of elasticsearch - #35 by Kami.
Keep in mind that glob expansion approach didn't work for me so I use full absolute path - make sure the full path is the same in your case (it may be different with older logstash versions, but I didn't dig in).