Are any LLVM components affected by the recent log4j issues?

As one of the points of contact at CERT for LLVM, I’ve received messages from CERT asking if LLVM is affected by any of the recent log4j vulnerabilities: CVE-2021-45105, CVE-2021-4104, CVE-2021-45046 and CVE-2021-44228. It seems CERT is reaching out to every single vendor registered with them about these vulnerabilities.

As far as I know no LLVM sub-project uses Java, so LLVM should not be vulnerable to any of the log4j issues.

Before I go ahead and record in the CERT database that LLVM is not affected, I thought I’d just double check if anyone is aware of any use of Java in LLVM and/or any potential way LLVM could be affected by the recent log4j issues?

Thanks,

Kristof