SmartPLS 4 does not contain Log4J and is therefore not affected by the Log4J vulnerability.
SmartPLS (up to version 3.3.3) contained an older version of Log4J. However, the security risk is low, because SmartPLS is not a server application and does not use Log4J for logging. Therefore, the vulnerability cannot be exploited.
Nevertheless, we recommend installing the latest SmartPLS version.
Users of our floating license servers do not have to worry either. Log4J is indeed included here as well. However, the used version 1.2.17 is not affected by the security problem.