Please be aware that it's possible to trigger a JNDI lookup from an input plugin, before any filter kicks in, therefore I'd refrain from relying on this workaround.
The only known mitigation until the release is out is to remove the class from the log4j jar as stated in the advisory.
3 Likes