[GitHub] [commons-lang] garydgregory commented on issue #459: (doc): Document public RandomStringUtils exploit


GitBox
garydgregory commented on issue #459: (doc): Document public RandomStringUtils exploit
URL: https://github.com/apache/commons-lang/pull/459#issuecomment-532732156
 
 
   > @chtompki Because many people don't read the documentation. Especially on the top of classes.
   Uh? That's where this kind of information belongs IMO. "Because many people don't" also implies that many people do. So it's not saying much IMO ;-) Don't assume other folks' brains work like yours or colleagues'.
   
   My POV here is that this is Javadoc for a util class, we don't need to link to articles on a "proof" on reasons to not use it; if we want to discourage use cases in certain scenarios, we just say so and we're done. If there is a CVE to deal with, let's link to that CVE.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[hidden email]


With regards,
Apache Git Services