Log4j vulnerability

Hello,

As the Spark client is also a Java-based application, we’re wondering if the client is (as the Openfire server) affected by this Log4j security issue.

https://logging.apache.org/log4j/2.x/security.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

Best regards

Spark should be unaffected by this problem.

Spark itself does not use the Log4j framework for logging (instead, it uses Java Util Logging). There are some libraries that pull in Log4j as a dependency, but those are a) unlikely to be used, and b) (very) old versions of log4j that do not have this vulnerability.

1 Like
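One way to check this kind of claim for any Java client is to inspect the jars it ships, including jars nested inside other jars, and record which Log4j generation each one contains. The sketch below is an added example, not part of the original thread and not code from the Spark project. The marker paths follow Log4j's own package layout, the labels and helper names are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile

# Class behind the JNDI lookup in log4j-core (the component named in CVE-2021-44228).
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
LOG4J2_CORE = "org/apache/logging/log4j/core/"    # Log4j 2 core package prefix
LOG4J1_MARKER = "org/apache/log4j/Logger.class"   # Log4j 1.x package layout


def classify_jar(data, name="<jar>", depth=0):
    """Return [(path, label)] for one archive, descending into nested jars."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(name, "unreadable")]
    findings = []
    with zf:
        names = set(zf.namelist())
        if JNDI_LOOKUP in names:
            # Presence alone is not a verdict: the jar's version still has to be checked.
            findings.append((name, "log4j2-core with JndiLookup"))
        elif any(n.startswith(LOG4J2_CORE) for n in names):
            findings.append((name, "log4j2-core, JndiLookup removed"))
        if LOG4J1_MARKER in names:
            findings.append((name, "log4j 1.x API classes"))
        if depth < 4:  # bound recursion into fat jars
            for n in sorted(names):
                if n.lower().endswith((".jar", ".war", ".ear")):
                    findings += classify_jar(zf.read(n), f"{name}!{n}", depth + 1)
    return findings


def make_jar(entries):
    """Build a constructed in-memory jar; entries maps path -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()


# Constructed sample archives (not real Spark or Log4j artifacts).
old_lib = make_jar({LOG4J1_MARKER: b""})
v2_lib = make_jar({JNDI_LOOKUP: b"", LOG4J2_CORE + "Logger.class": b""})
client = make_jar({"lib/old-dep.jar": old_lib, "app/Main.class": b""})
fat = make_jar({"lib/log4j-core.jar": v2_lib})

if __name__ == "__main__":
    for label, blob in (("client.jar", client), ("fat.jar", fat)):
        print(label, classify_jar(blob, label))
```

To scan a real install directory, read each `*.jar` file's bytes and pass them to `classify_jar`; any hit on the JndiLookup marker should be followed by a check of that jar's version against the Log4j security page linked in the question.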

I can see here that Spark does use log4j v1.2.17, which has already reached the end of life!

This is not the same Spark!
Here is the correct link: https://github.com/igniterealtime/Spark

2 Likes

As @ilyaHlevnoy said: the Apache Spark project and our Spark XMPP client project are two completely unrelated projects.

In our defense: we used the name first. :wink:

2 Likes

I apologize for the confusion!