Spring4Shell / Log4Shell

I know Audacity is not using any JAVA in its code.
But working for a major company, I need to get an official statement that this is the case,
We need to exclude all potential threats, and are currently concerned by Spring4Shell.

OS: Win7 & WIN10


Audacity 2.3.3

Build Information
Program build date:
Nov 15 2019
Commit Id:
008d8d of Fri Nov 15 11:14:55 2019 +0000
Build type:
Release build
MSVC 19.16.27027.01

@Audacity team, you can reply to my recorded email address.

Thank you for your support

You are unlikely to get an official statement here as “officials / management” rarely if ever come here. This is a community help forum where Audacity users help each other to get the best out of the Audacity software.

That’s correct, and really that is also your answer.
You can confirm that here: https://github.com/audacity/audacity
See, no JAVA.

Out of interest, how many software companies have written to you with such a guarantee? Do you have such guarantees from Microsoft, Adobe, and all the other software developers that you use, or is your company only concerned about risks with certain kinds of software?

Thank you for your reply.

Before I came here with my request i checked on the website and this was more than explicit:

“Audacity does not offer telephone or email support, but > you can get in touch with the Audacity Team > and the community in the following places:”

For the other question, yes we get either a statement or have enough documentation to qualify (or disqualify) an application.

I will revert to the Github to the security guys and hope they’ll be happy with it.

Thank you

This forum is “the community” part of that statement.
Some of the Audacity Team are sometimes on the discord channel. Feel free to ask there if the source code isn’t sufficient.

I would hope that Audacity clearly being a C++ application and not JAVA would be sufficient.

By the way, if you are concerned about security, be aware that paid Windows 7 ESU are due to end in January.