Hello,
I know Audacity is not using any JAVA in its code.
But working for a major company, I need to get an official statement that this is the case,
We need to exclude all potential threats, and are currently concerned by Spring4Shell.
OS: Win7 & WIN10
Audacity:
Audacity 2.3.3
Build Information
Program build date:
Nov 15 2019
Commit Id:
008d8d of Fri Nov 15 11:14:55 2019 +0000
Build type:
Release build
Compiler:
MSVC 19.16.27027.01
@Audacity team, you can reply to my recorded email address.
You are unlikely to get an official statement here as “officials / management” rarely if ever come here. This is a community help forum where Audacity users help each other to get the best out of the Audacity software.
Out of interest, how many software companies have written to you with such a guarantee? Do you have such guarantees from Microsoft, Adobe, and all the other software developers that you use, or is your company only concerned about risks with certain kinds of software?
This forum is “the community” part of that statement.
Some of the Audacity Team are sometimes on the discord channel. Feel free to ask there if the source code isn’t sufficient.
I would hope that Audacity clearly being a C++ application and not JAVA would be sufficient.
By the way, if you are concerned about security, be aware that paid Windows 7 ESU are due to end in January.