[Security Vulnerabilities] CVE-2021-44228-Log4Shell [Updated]

Posted by DavidEugen on December 18, 2021 · 1 min read

slf4j: The SLF4J API is just an API which lets message data go through. As such, using log4j 2.x, even via SLF4J, does not mitigate the vulnerability.

log4j: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation. Java 8 (or later) users should upgrade to release log4j 2.17.0.

logback: It is deemed safe with respect to CVE-2021-44228.
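
The three statements above can be turned into a classpath check. The following is an added example, not code from the original post or from any of the projects named: it classifies jar file names by the rules this page gives (log4j-core below 2.17.0 needs the upgrade, slf4j-api is only a pass-through, logback is deemed safe). The function names and sample jar lists are constructed for illustration.

```python
import re

# Release this page tells Java 8 (or later) users to upgrade to.
FIXED = (2, 17, 0)

# artifact-version[-qualifier].jar, e.g. log4j-core-2.14.1.jar
JAR_RE = re.compile(r"^(.+?)-(\d+(?:\.\d+)*)(?:-[A-Za-z0-9.]+)?\.jar$")


def parse_jar(path):
    """Return (artifact, (major, minor, patch)) or None if the name has no version."""
    m = JAR_RE.match(path.rsplit("/", 1)[-1])
    if m is None:
        return None
    parts = tuple(int(p) for p in m.group(2).split("."))
    return m.group(1), (parts + (0, 0, 0))[:3]  # pad "2.0" to (2, 0, 0)


def classify(path):
    parsed = parse_jar(path)
    if parsed is None:
        return "unknown"
    artifact, version = parsed
    if artifact == "log4j-core":
        # Qualifiers such as -beta9 are ignored; only the numeric part is compared.
        return "upgrade" if version < FIXED else "ok"
    if artifact == "slf4j-api":
        return "passthrough"  # API only: the verdict depends on the backend behind it
    if artifact in ("logback-classic", "logback-core"):
        return "safe"  # deemed safe with respect to CVE-2021-44228
    return "other"


def audit(jars):
    """Classify every jar and list the ones that need the log4j upgrade."""
    findings = {jar: classify(jar) for jar in jars}
    return findings, sorted(j for j, v in findings.items() if v == "upgrade")


# Constructed sample classpaths (not taken from any real application).
APP_SLF4J_OVER_LOG4J = ["lib/slf4j-api-1.7.32.jar", "lib/log4j-slf4j-impl-2.14.1.jar",
                        "lib/log4j-core-2.14.1.jar"]
APP_SLF4J_OVER_LOGBACK = ["lib/slf4j-api-1.7.32.jar", "lib/logback-classic-1.2.9.jar"]

if __name__ == "__main__":
    for name, jars in [("slf4j+log4j2", APP_SLF4J_OVER_LOG4J),
                       ("slf4j+logback", APP_SLF4J_OVER_LOGBACK)]:
        findings, upgrade = audit(jars)
        print(name, findings, "UPGRADE:" if upgrade else "no log4j-core upgrade needed", upgrade)
```

Matching on file names does not see log4j classes repackaged inside shaded or fat jars, so a clean result here is not proof that log4j-core is absent.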

ref.

Comments on the CVE-2021-44228 vulnerability: http://slf4j.org/log4shell.html

Apache Log4j Security Vulnerabilities: https://logging.apache.org/log4j/2.x/security.html

Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package: https://www.lunasec.io/docs/blog/log4j-zero-day/