garydgregory commented on issue #459: (doc): Document public RandomStringUtils exploit
URL: https://github.com/apache/commons-lang/pull/459#issuecomment-532732156

> @chtompki Because many people don't read the documentation. Especially on the top of classes.

uh? That's where this kind of information belongs IMO. "Because many people don't" also implies that many people do. So it's not saying much IMO ;-) Don't assume other folks' brains work like yours or colleagues'.

My POV here is that this is Javadoc for a util class, we don't need to link to articles on a "proof" on reasons to not use it; if we want to discourage use cases in certain scenarios, we just say so and we're done. If there is a CVE to deal with, let's link to that CVE.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

With regards,
Apache Git Services