Inquiry on Apache Log4j's Effect on Cygwin Software

Eliot Moss moss@cs.umass.edu
Thu Dec 23 15:47:37 GMT 2021


On 12/23/2021 10:43 AM, Bill Stewart wrote:
> On Thu, Dec 23, 2021 at 8:19 AM Iyana Garry wrote:
> 
> Is there any confirmation that Cygwin software is not impacted by the
>> Apache Log4J vulnerabilities (CVE-2021-44228, CVE-2021-45046 and
>> CVE-2021-45105)?
>>
> 
> I'm not sure why there would need to be any such confirmation. Log4J is a
> Java application logging framework.

To clarify further, Java on the Windows platform is Windows native.
While it is possible to invoke Java from Cygwin bash, it is the
native Java one would invoke.  I am not aware of any Cygwin programs
that require and invoke Java.

Best wishes - Eliot Moss


More information about the Cygwin mailing list