...
We do not include our own log4j in our apps. The logging is done by the logging functionality provided by Atlassian.
This means: our Our apps would only be affected by the log4j vulnarability if Jira/Confluence was. This - according to Atlassian - is not the case. You can find more information about this in this FAQ: https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html
...