poi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 63664] Veracode security issue-Improper Restriction of XML External Entity Reference CWE ID 611 in OOXMLPrettyPrint
Date Wed, 14 Aug 2019 19:33:21 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=63664

Andreas Beeker <kiwiwings@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from Andreas Beeker <kiwiwings@apache.org> ---
Every now and then we get findings on dev classes, which aren't meant for
production code, but do reside in the release.

These dev/sample classes usually don't get much attention after they've been
thrown in the trunk. I would prefer to move those classes to the test area or
link something like a github project, so it's neither POIs direct
responsibility nor do those cases bubble up when the library get scanned ...
more important, we'd get results for real production code problems ...

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org


Mime
View raw message