The only technology in Signals Image Artist's architecture that uses Java is within the Keycloak framework.
As per the following article Keycloak does not include the Log4j libraries that are affected by the Log4j remote code injection vulnerability (CVE-2021-44228), and for this reason Signals Image Artist is not impacted. Please see the following article for further details: