pjfanning commented on issue #1015: URL: https://github.com/apache/poi/issues/1015#issuecomment-3933005314
This is not how you raise security bugs. They should be reported privately. See https://github.com/apache/poi?tab=security-ov-file#readme In this case, I don't agree that this is a security bug but it would be nice to improve the code. POI's trunk branch is for developing 6.0.0 and in that branch, we can add new methods. Unfortunately, passwords as Strings is widespread in POI code and it will take a lot of work to support using char arrays as well or instead. I don't think we can just remove the API methods that take passwords as Strings without deprecating them and waiting to remove them - but we can add new char array based methods. It would be nice to be able to work with HSSFWorkbooks that are password protected without having to use Biff8EncryptionKey - again new API methods. Would you be interested in working on PRs? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
