In a nutshell, what we can assure you is plain and simple:
No yWorks product or service uses the Java-based Log4j logging utility and thus none of our products or services is affected by the critical vulnerability known as CVE-2021-44228.
So, no matter if you are a user of our free graph editor applications like yEd or yEd Live OR a user of our Graphity for Confluence diagram editor OR are a licensee of one of our commercial yFiles diagramming SDKs that's used integrated in your own software application: none of them will expose you or the users of your own software to this critical vulnerability.
On a general note, all versions of yFiles follow a strict zero external dependencies policy. But your application might still depend on log4j, so be sure to check it!