Because of the way we use Log4j, SmartClient and SmartGWT are not vulnerable to the exploit described in CVE-2019-17571.
Note also that if you wanted a logging framework that could safely listen on the network for logs, you can use any logging framework you want with SmartClient and SmartGWT, because of our support for slf4j. Learn more here.