Posted to issues@commons.apache.org by GitBox <gi...@apache.org> on 2019/09/18 15:16:03 UTC

[GitHub] [commons-lang] garydgregory commented on issue #459: (doc): Document public RandomStringUtils exploit

garydgregory commented on issue #459: (doc): Document public RandomStringUtils exploit
URL: https://github.com/apache/commons-lang/pull/459#issuecomment-532732156
 
 
   > @chtompki Because many people don't read the documentation. Especially on the top of classes.

   Uh? That's where this kind of information belongs IMO. "Because many people don't" also implies that many people do. So it's not saying much IMO ;-) Don't assume other folks' brains work like yours or colleagues'.
   
   My POV here is that this is Javadoc for a util class, we don't need to link to articles on a "proof" on reasons to not use it; if we want to discourage use cases in certain scenarios, we just say so and we're done. If there is a CVE to deal with, let's link to that CVE.
