[
https://issues.apache.org/jira/browse/AXIS2C-1708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18055567#comment-18055567
]
Robert Lazarski edited comment on AXIS2C-1708 at 1/31/26 2:48 PM:
------------------------------------------------------------------
See commits:
Add OSS-Fuzz integration for continuous security testing
Address Gemini code review findings - security hardening
Fix XML parser issues found by Gemini code review
Phase 3: Attack surface reduction - remove deprecated features
Fix axutil_strcat bug, add penetration test docs
Add HTTP/2 penetration test infrastructure
Add XML parsing limits and fix ASAN build
Remove NTLM authentication support
Fix size_t consistency and null pointer issues
Add JSON parsing limits to prevent DoS attacks (HTTP/2)
Fix buffer overflow vulnerabilities in HTTP/1.1 transport
Harden SSL/TLS configuration against protocol attacks
Harden libxml2 parser against XXE attacks
was (Author: robertlazarski):
See commits:
Add OSS-Fuzz integration for continuous security testing
Address Gemini code review findings - security hardening
Fix XML parser issues found by Gemini code review
Phase 3: Attack surface reduction - remove deprecated features
Fix axutil_strcat bug, add penetration test docs
Add HTTP/2 penetration test infrastructure
> Modern security hardening
> -------------------------
>
> Key: AXIS2C-1708
> URL: https://issues.apache.org/jira/browse/AXIS2C-1708
> Project: Axis2-C
> Issue Type: Task
> Reporter: Robert Lazarski
> Assignee: Robert Lazarski
> Priority: Major
> Fix For: 2.0.0
>
>
> This task is to track the commits using a combo of tools such as Claude Code,
> Google Gemini, and static analysis via cppcheck to search for a wide range of
> vulnerabilities that are common to date.