Author: fanningpj
Date: Wed Jul 17 14:18:28 2024
New Revision: 1919313

URL: http://svn.apache.org/viewvc?rev=1919313&view=rev
Log:
update security notes

Modified: poi/site/src/documentation/content/xdocs/security.xml Modified: poi/site/src/documentation/content/xdocs/security.xml URL: http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/security.xml?rev=1919313&r1=1919312&r2=1919313&view=diff ============================================================================== --- poi/site/src/documentation/content/xdocs/security.xml (original) +++ poi/site/src/documentation/content/xdocs/security.xml Wed Jul 17 14:18:28 2024 @@ -67,7 +67,7 @@ <ul> <li><strong>Expect any type of Exception when processing documents</strong><br/> As parsing the various formats is very complex and involved, there are some unexpected types of - exceptions which can be thrown. E.g. StackOverflow or many different types of RuntimeException. + exceptions which can be thrown. E.g. StackOverflowError or many different types of RuntimeException. <br/> Make sure to have a broad catch-statement around your document-parsing functionality and be prepared to handle all those gracefully. 
@@ -87,9 +87,16 @@ streaming APIs. </li> <li><strong>Consider sandboxing document-parsing</strong><br/> - If you operate in a highly sensitive enviornment and would like to avoid any side effect from + If you operate in a highly sensitive environment and would like to avoid any side effect from parsing documents on your application, then consider extracting the parsing logic into a separate process which is configured with appropriate memory settings and which you stop after some timeout. + It is a good idea to be able to auto-restart the process in case of a crash. + <br /> + </li> + <li><strong>Keep up to date with releases</strong><br/> + Apache POI does occasionally issue CVEs for security issues. There are also other bug fixes and + improvements in each release. Some of these fixes will be to make POI more robust against malicious + inputs, even if they are not explicitly security-related. <br /> </li> </ul>
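
Review bot: In the first hunk (@@ -67,7 +67,7 @@), the corrected name StackOverflowError now sits under the heading "Expect any type of Exception" and beside the advice to "have a broad catch-statement", but StackOverflowError is a java.lang.Error, not an Exception, so a reader who follows the heading and writes catch (Exception e) will not catch it. Suggest saying so in the text, for example that the catch has to cover Throwable (or at least StackOverflowError in addition to RuntimeException), and widening the heading to "Exception or Error".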
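
Review bot: In the second hunk (@@ -87,9 +87,16 @@), the added sentence "It is a good idea to be able to auto-restart the process in case of a crash" does not say what happens to the document that caused the crash; if the restarted process picks up the same input again, a single malicious file keeps the parser in a crash loop. Suggest adding that the triggering document should be rejected rather than retried and that the number of restarts should be limited. In the new "Keep up to date with releases" item, "does occasionally issue CVEs" gives the reader nowhere to look, so a pointer to where the project announces them would make the advice actionable.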