I may have been dyslexic, but originally I read the issue as being with Log4J 2.1 releases.
Regardless, you are correct that all Log4j2 version 2 and higher up to and including 2.15 are vulnerable, although 2.15 has reduced weakness and is covered under a different CVE.
2.16.0 removes the fatal feature altogether, although it does so thoroughly that it may break some applications, so
testing is advised.