Hello!
Let’s get the thing you are most likely here for out of the way first:
Classkick does not use log4j, and is not vulnerable to CVE-2021–44228.