Yes, the patch to Apache Log4j 2.16 is recommended.
However, just so you know, there's a new "data exfiltration" bug for Log4j that has been reported to Apache, but in accordance with "responsible disclosure", there is no additional information, only that this means there will be another patch.
The best thing to do is get the process of rolling out these patches well documented and repeatable for the near future.
-JD.