We can talk to our strategic partners, but all the modules you listed are ours and they do not include log4j.
The whole idea of a 3rd party bringing log4j as a dependency is very unusual - the logging backend is provided by the Ignition platform and anybody who knows what they are doing would log using the SLF4J logging API and not introduce a parallel logging backend, which would result in an additional set of logs/files being generated.