Black Hill Software does not use or distribute Apache Log4j in any of our products.
EasySMF:JE does use SLF4J which can be configured by the customer to use Log4j, if the customer provides the Log4j components. Even in this case EasySMF:JE does not log any information from untrusted sources so we do not believe it is vulnerable to this exploit.
However, if customers have configured logging to use Apache Log4j they should upgrade Log4j to a fixed version.