The forum post about log4j vulnerabilites that you shared has all the information you need.
It mentions CVE-2021-45105
many times saying that both Logstash and Elasticsearch are not vulnerable to it.
Dec 18, 2021 - 23:40 UTC - Added statement that Elasticsearch, Logstash, and APM Java agent have no known vulnerabilities to CVE-2021-45105
The version you are using reached EOL and it is not supported any more, you need to update to the last version in the version 7 branch which is 7.17.10
.
Check the breaking changed between your version and the last one and plan your upgrade.
No, not possible, you cannot upgrade just the log4j library, you need to upgrade the entire tool.