In order to avoid a possible conflict between OWS and the actual JNLP applications, both icedtea-web and OpenWebStart dispense with as many dependencies as possible. Therefore, OWS uses its own logging framework which is not affected by the Log4Shell exploit.
The code for logging in OWS can be viewed here:
https://github.com/AdoptOpenJDK/IcedTea ... eb/logging