sahvx655-wq commented on PR #507: URL: https://github.com/apache/felix-dev/pull/507#issuecomment-4851505443
Circling back on the framework question. When I reverted the framework source changes earlier I left the framework.tck dependency bump in by accident, so the diff still looked like it reached into framework. I've now dropped those tck.bndrun/pom.xml changes too, so the PR is confined to the two gogo Posix classes plus the jline test. On whether other framework implementations need to be concerned: no. The change sits entirely inside gogo's grep command, wrapping the user-supplied line in a bounded CharSequence that aborts matching once a time budget is exceeded. Nothing in the framework or in how gogo gets installed is affected. PosixTest passes locally, all 9 cases including the ReDoS timeout ones. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
