sahvx655-wq opened a new pull request, #507: URL: https://github.com/apache/felix-dev/pull/507
This PR fixes a ReDoS vulnerability in the grep command for both gogo/shell and gogo/jline. The fix adds timeout protection for user-supplied regular expressions to prevent catastrophic backtracking patterns such as (a+)+ from causing excessive CPU usage or hanging the process. A regression test (testGrepReDosTimeout) was also added to verify the fix.
