Include instructions somewhere (well-known location) about reporting security issues along with warnings about spamming because of naive security scanners.
If it's a real issue you've personally discovered and can explain, feel free to drop me an email.
If it's some security tool logging a warning, that is 95% likely not to be a security issue but rather a bug in the tool. You can file that here after you have investigated if you are willing to vouch that it is a true security issue, but be aware that these tools are almost never correct when analyzing Jaxen.
Things that are NOT security bugs in Jaxen:
- Anything in your dependency tree whose source code is not in this repo. You control your classpath. Jaxen doesn't. If you don't like what's in the classpath, change it.
- Properly implementing XML 1.0 according to the specification.
- Properly implementing XPath 1.0 according to the specification.
- Being able to load a URL from Java code.

Probably not security bugs in Jaxen:
- Problems that only appear when your code (not Jaxen's) accepts untrusted, unvalidated user input.

Possible security bugs in Jaxen (if you can find one, none are currently known to exist):
- XPath expressions that cause infinite loops in the parser or exponential performance problems.