Java log4j Vulnerability Update

We have investigated the possible consequences on AdaCore products and services of the critical vulnerability affecting the Java log4j logging facility documented as CVE-2021-4428 and also known as log4shell. We can confirm that AdaCore is not affected.

More specifically, we have verified that this vulnerability does not affect the GNAT Tracker customer support server, our corporate website adacore.com and learn.adacore.com. The affected component is not used on these servers.

We have also checked that AdaCore software development products, in particular GNAT Pro, CodePeer, QGen, SPARK Pro, GtkAda, AWS, and XMLAda are not affected.

Finally, we have verified that the internal software production tools (commonly known as a DevSecOps pipeline) is not affected either.

Feel free to get back to us if you have any more questions on this issue.