Aggregate reached end-of-life status on May 2021 and is no longer being updated.
I have taken a cursory look at Aggregate's dependencies and I do not believe it is susceptible to the recent log4j vulnerability (CVE-2021-44228).
That said, you should not be running Aggregate because it is likely susceptible to other vulnerabilities.
I urge you to migrate to Central. Get started with the install docs.