None of the versions of i2b2 are using the effected version of the log4j vulnerability.
Early versions of tranSMART (v16 and earlier) use earlier versions of the log4j-code that do not have the vulnerability (log4j-1.*).
tranSMART 19.1 which is available for beta testing, has also been upgraded to the latest log4j-core-2.16.0 and does not have the vulnerability.
For If you have questions contact i2b2 tranSMART Foundation here.