sahvx655-wq commented on PR #507:
URL: https://github.com/apache/felix-dev/pull/507#issuecomment-4851505443

   Circling back on the framework question. When I reverted the framework 
source changes earlier I left the framework.tck dependency bump in by accident, 
so the diff still looked like it reached into framework. I've now dropped those 
tck.bndrun/pom.xml changes too, so the PR is confined to the two gogo Posix 
classes plus the jline test.
   
   On whether other framework implementations need to be concerned: no. The 
change sits entirely inside gogo's grep command, wrapping the user-supplied 
line in a bounded CharSequence that aborts matching once a time budget is 
exceeded. Nothing in the framework or in how gogo gets installed is affected. 
PosixTest passes locally, all 9 cases including the ReDoS timeout ones.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to