Java log4j Vulnerability Update

We have investigated the possible consequences on AdaCore products and services of the critical vulnerability affecting the Java log4j logging facility and also known as log4shell. This family of vulnerabilities is documented as CVE-2021-4104, CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105.

We can confirm that AdaCore is not affected.

More specifically, we have verified that these vulnerabilities do not affect the GNAT Tracker customer support server, our corporate website adacore.com and learn.adacore.com. The affected component is not used on these servers.

We have also checked that AdaCore software development products, in particular GNAT Pro, CodePeer, QGen, SPARK Pro, GtkAda, AWS, and XMLAda are not affected.

Finally, we have verified that the internal software production tools (commonly known as a DevSecOps pipeline) is not affected either.

Feel free to get back to us if you have any more questions on this issue