Customers would like an official statement from nopCommerce about Log4Shell (https://en.wikipedia.org/wiki/Log4Shell) Are nopCommerce sites vulnerable to this?
Log4j aka Log4Shell is a java logging library so nopCommerce doesn't use it. Btw, There's a port for .Net also which is named log4net. If you manually changed the default logger to this one there could be security cautions !