raboof commented on PR #12:
URL: https://github.com/apache/geronimo-batchee/pull/12#issuecomment-1306969667
> Does this need a CVE assigned to it?
This is up to the Apache Geronimo team to decide.
It is not clear to me whether the zip files processed here are assumed come
from
rmannibucau commented on PR #12:
URL: https://github.com/apache/geronimo-batchee/pull/12#issuecomment-1307129384
Theorically from anywhere but it should really come from a trusted source
(same as webapps/ folder of tomcat if you are more familiar with it).
There is also a pending