I answered you in the other thread where you also asked the question about v6 pricing, but I thought I would post it here in case someone stumbled upon it.
We have audited our systems, and we are not susceptible to the Log4J vulnerability. The two main services we use for data processing and storage are Heroku and MongoDB. In performing their own audits, both of those systems didn't find vulnerabilities for the services we use.
If you were to look into this on your own, you would find that Salesforce (they own Heroku) is currently in the process of patching their systems to make sure everything is safe. However, Heroku's services specifically were not affected. For MongoDB, you would find that one of their services called "MongoDB Atlas Search" was found to be affected by the vulnerability but has since been patched. What's important here is that we don't use the "Atlas Search" features, so mSecure would not have been affected.