Concerning the reported Log4J vulnerability (CVE-2021-44228),
you should know that GitLab does not use Log4j or Log4j2 packages.
GitLab was written using Ruby, JS and Go so it uses different log libraries.
If you use GitLab Advance Search or Code Search features (available in paid edition including Premium, Ultimate and Starter)
you should know it runs Elastic (ElasticSearch) behind the scenes, so you should check here for installed versions and a remedy.
You may use code security scanners and vulnerability scanners available in GitLab Ultimate for detecting future vulnerabilities in Java (and other languages).
Related links:
