JLLeitschuh commented on PR #371: URL: https://github.com/apache/commons-io/pull/371#issuecomment-1199847583
> Uh? You created the PR...

I used a bot to create the PR on my behalf, as well as generate the fix, as well as generated fixes for 30 other OSS projects with this same bot. I'm currently working through a collection of other vulnerabilities I'm aiming to fix including generating 108 pull requests to fix a bunch of OSS projects that are vulnerable to Zip-Slip.

> you can create the test.

Unfortunately, this is not something I have time for right now. However, I believe this may fix a security vulnerability, do you agree? If so, consider this a security report from a security researcher, and consider treating it as such, following the Apache standard vulnerability handling process.

If you don't consider this a security vulnerability, and are unwilling to accept this change without a test (which is completely understandable) please feel free to either close this.
