...
Model adapters may use the log4j 2 libraries as well. For Deltares maintained model adapter code, the vulnerable class (JNDI lookup) is NOT implemented in these adapters, nor are any methods set 'open to the outside world'.
Where applicable, Deltares has upgraded the log4j libraries to version 2.17 and model adapter packages are distributed on request as part of the mitigation plan (see below).
...