File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 3131 of the Commons project</a >.</p >
3232 </section >
3333
34+ <section name =" Security Model" >
35+ <p >Commons Compress may be used to process untrusted input data.
36+ This should not trigger network access, unbounded deserialization
37+ or code execution. It may require processing power proportional to
38+ the size of the input. An input causing an OutOfMemoryError,
39+ StackOverflowError, or another Error may be considered a DoS
40+ vulnerability when it is unexpected based on the size of the input
41+ and the resources (RAM, disk, etc) allocated to the process.</p >
42+
43+ <p >Input causing any other RuntimeException is expected and not a
44+ vulnerability, but may be a regular bug when a more appropriate
45+ Exception is available</p >
46+
47+ <p >Regular API parameters are typically designed to work with input
48+ that is either trusted or validated/sanitized by the application
49+ using the library unless otherwise specified, in accordance with
50+ the general <a href =" https://commons.apache.org/security.html#Security_Model" >
51+ Apache Commons Security Model</a >.</p >
52+ </section >
53+
3454 <section name =" Apache Commons Compress Security Vulnerabilities" >
3555 <p >This page lists all security vulnerabilities fixed in
3656 released versions of Apache Commons Compress. Each
You can’t perform that action at this time.
0 commit comments