Our plugins for FileMaker and Xojo can live very well without Java.
But we offer the functionality to use Java functions to load and execute Java software within your application. So in case you load a jar package with our plugin, please check whether it contains log4j package.
And in general it may be a good idea to make sure you have up to date software. For your server, it may be good to limit the outgoing traffic, e.g. disallow LDAP queries except maybe to your own LDAP or Active Directory server.
To all companies using open source software: Please consider to budget money and development time to contribute to the various open source projects, so they are not depending alone on someone maintaining them in their spare time. See also Dependency on xkcd.com