I don't know if the log4j bug can be exploited via arduino, but I think the safe thing is to assume that it can. So to avoid malicious code running on your computer, it might be wise to upgrade to 1.8.18 arduino and this teensyduino:
https://forum.pjrc.com/threads/68972-Teensyduino-1-56-Beta-4