airlift / aircompressor

A port of Snappy, LZO, LZ4, and Zstandard to Java
Apache License 2.0

Add `SECURITY.md` file and enable vulnerability reporting #176

Closed · Marcono1234 closed this 6 months ago

Marcono1234 commented 1 year ago

Hello, could you please add a SECURITY.md file to your repository, and ideally also enable private vulnerability reporting?

Marcono1234 commented 1 year ago

@dain and @electrum, could you please have a look at this?

Also @dain, because https://github.com/dain/snappy now refers to this repository here, and because snappy is archived and I cannot comment there anymore, should a CVE be requested for https://github.com/dain/snappy/issues/20? If users decompress untrusted data, this could be abused for a denial-of-service attack by crashing the JVM. The CVE would also have the side effect of informing users that the repository is not maintained anymore.

martint commented 8 months ago

I've enabled private vulnerability reporting.