This is an automated email from the ASF dual-hosted git repository.

pjfanning pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/poi.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 0d6db105e3 Update Biff8EncryptionKey.java
0d6db105e3 is described below

commit 0d6db105e36a9fdf60ebc66d85f738fb70d8a921
Author: PJ Fanning <[email protected]>
AuthorDate: Fri Jun 5 16:12:46 2026 +0100

    Update Biff8EncryptionKey.java
---
 .../apache/poi/hssf/record/crypto/Biff8EncryptionKey.java    | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git 
a/poi/src/main/java/org/apache/poi/hssf/record/crypto/Biff8EncryptionKey.java 
b/poi/src/main/java/org/apache/poi/hssf/record/crypto/Biff8EncryptionKey.java
index d2d690fd9e..11824330f2 100644
--- 
a/poi/src/main/java/org/apache/poi/hssf/record/crypto/Biff8EncryptionKey.java
+++ 
b/poi/src/main/java/org/apache/poi/hssf/record/crypto/Biff8EncryptionKey.java
@@ -36,7 +36,17 @@ public final class Biff8EncryptionKey {
      * <p>
      *     It is strongly recommended that you call 
`setCurrentUserPassword(null)` as
      *     soon as you are finished with the calls that need the password. One 
option is
-     *     to use a try block with a finally clause that calls 
`setCurrentUserPassword(null)`.
+     *     to use a try block with a `finally` clause that calls 
`setCurrentUserPassword(null)`.
+     * </p>
+     * <p>
+     *     The POI APIs for newer OOXML based file formats like xlsx, docx and 
pptx have never used
+     *     this Biff8EncryptionKey support. Passwords are passed using 
dedicated parameters in the
+     *     relevant APIs, and are not stored in thread-locals.
+     * </p>
+     * <p>
+     *     POI 6.0.0 introduces alternatives API methods for HSSF and other 
H**F classes that take an
+     *     explicit password parameter, and do not rely on this thread-local. 
It is recommended to use
+     *     those APIs instead of the ones that rely on this thread-local.
      * </p>
      *
      * @param password pass <code>null</code> to clear user password (and use 
default)


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to