I am actually using JBPM install for the Rule Engine, and you are correct it uses SLF4J (see the following list)
./jbpm/standalone/tmp/vfs/temp/tempe9e630c629daac9f/content-1c42d20eaab11138/WEB-INF/lib/log4j-over-slf4j-1.7.30.jar
./jbpm/standalone/tmp/vfs/temp/tempe9e630c629daac9f/content-fbf85807027a13c8/WEB-INF/lib/log4j-to-slf4j-2.13.2.jar
./jbpm/standalone/tmp/vfs/temp/tempe9e630c629daac9f/content-fbf85807027a13c8/WEB-INF/lib/log4j-api-2.13.2.jar
./jbpm/standalone/tmp/vfs/temp/tempe9e630c629daac9f/content-fbf85807027a13c8/WEB-INF/lib/log4j-over-slf4j-1.7.30.jar
./jbpm/standalone/tmp/vfs/deployment/deploymentd95d18d8ff3fa18b/log4j-over-slf4j-1.7.30.jar-e4e7845da9666799
./jbpm/standalone/tmp/vfs/deployment/deploymentd95d18d8ff3fa18b/log4j-over-slf4j-1.7.30.jar-e4e7845da9666799/log4j-over-slf4j-1.7.30.jar
./jbpm/standalone/tmp/vfs/deployment/deploymentd95d18d8ff3fa18b/log4j-over-slf4j-1.7.30.jar-e4e7845da9666799/contents
./jbpm/standalone/tmp/vfs/deployment/deploymentd95d18d8ff3fa18b/log4j-to-slf4j-2.13.2.jar-c8e97a4d3ae038fc
./jbpm/standalone/tmp/vfs/deployment/deploymentd95d18d8ff3fa18b/log4j-to-slf4j-2.13.2.jar-c8e97a4d3ae038fc/log4j-to-slf4j-2.13.2.jar
./jbpm/standalone/tmp/vfs/deployment/deploymentd95d18d8ff3fa18b/log4j-to-slf4j-2.13.2.jar-c8e97a4d3ae038fc/contents
./jbpm/standalone/tmp/vfs/deployment/deploymentd95d18d8ff3fa18b/log4j-api-2.13.2.jar-e13b1637eeb88ef1
./jbpm/standalone/tmp/vfs/deployment/deploymentd95d18d8ff3fa18b/log4j-api-2.13.2.jar-e13b1637eeb88ef1/log4j-api-2.13.2.jar
./jbpm/standalone/tmp/vfs/deployment/deploymentd95d18d8ff3fa18b/log4j-api-2.13.2.jar-e13b1637eeb88ef1/contents
./jbpm/standalone/tmp/vfs/deployment/deploymentd95d18d8ff3fa18b/log4j-over-slf4j-1.7.30.jar-55c2fc82e525c2fe
./jbpm/standalone/tmp/vfs/deployment/deploymentd95d18d8ff3fa18b/log4j-over-slf4j-1.7.30.jar-55c2fc82e525c2fe/log4j-over-slf4j-1.7.30.jar
./jbpm/standalone/tmp/vfs/deployment/deploymentd95d18d8ff3fa18b/log4j-over-slf4j-1.7.30.jar-55c2fc82e525c2fe/contents
Are we sure this one does not have the Day-zero security vulnerability?