On 12/23/2021 10:43 AM, Bill Stewart wrote:
On Thu, Dec 23, 2021 at 8:19 AM Iyana Garry wrote:
Is there any confirmation that Cygwin software is not impacted by the
Apache Log4J vulnerabilities (CVE-2021-44228, CVE-2021-45046 and
CVE-2021-45105)?
I'm not sure why there would need to be any such confirmation. Log4J is a
Java application logging framework.
To clarify further, Java on the Windows platform is Windows native.
While it is possible to invoke Java from Cygwin bash, it is the
native Java one would invoke. I am not aware of any Cygwin programs
that require and invoke Java.
Best wishes - Eliot Moss
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
