Prosody is not vulnerable to the Log4j flaw. Log4j is a Java logging library, but Prosody is written mostly in Lua and does not use Java or have any Java dependencies.
Prosody does use OpenSSL via LuaSec, but is typically not using OpenSSL 3.0 which is the version affected by this security issue. Right now we recommend that people use OpenSSL 1.1.1 with Prosody, which is safe and the default version on most systems currently.
Regards,
Matthew