[Gpg4win-users-en] No Java -> Gpg4win immune against any Apache Log4j Vulnerabilities
bernhard at intevation.de
Fri Dec 17 12:29:08 CET 2021
Gpg4win and the components coming with it, including the installer,
do _not_ use Java.
So we believe Gpg4win to be immune against any vulnerabilities
in the Java logging library Apache Log4j.
A number of vulnerabilities in the popular logging library
for Java applications have let to an IT emergency
as they are considered a 10.0/10 "critical" CVSS 3
remote exploitable, remote execution defect.
In the wide assessment of IT security, we are getting a few
general questions about the use of this library.
As Gpg4win does not use it, we are fine.
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 659 bytes
Desc: This is a digitally signed message part.
More information about the Gpg4win-users-en