Provar and the Log4J vulnerability
Provar is aware of the Log4J vulnerability that became public on the 9th December.
From our initial analysis we do not believe that Provar is vulnerable.
The attack involves injecting messages into server logs with placeholder variables that are then looked up in an external LDAP server. Since Provar is a desktop/command line tool it does not provide this mechanism for exploiting the vulnerability.
Provar does not log any server activity and offers no other mechanisms by which an attacker could inject these strings into Log4j.