You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@opennlp.apache.org by GitBox <gi...@apache.org> on 2022/12/06 08:56:15 UTC

[GitHub] [opennlp] rzo1 commented on pull request #435: OPENNLP-1398 - Fix Temporary File Information Disclosure Vulnerability

rzo1 commented on PR #435:
URL: https://github.com/apache/opennlp/pull/435#issuecomment-1338986346

   Most classes are `test`-classes.  The only class, which isn't in `test` is https://github.com/apache/opennlp/blob/master/opennlp-tools/src/main/java/opennlp/tools/ml/model/TwoPassDataIndexer.java - the `tmp` file is used to store some intermediate information about (event) counts and is deleted afterwards. I am not creative enough to think of an attack vector in this case. Maybe @kinow or @jzonthemtn have some thoughts on that one too?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@opennlp.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org