Author: fanningpj
Date: Wed Jul 17 14:18:28 2024
New Revision: 1919313

URL: http://svn.apache.org/viewvc?rev=1919313&view=rev
Log:
update security notes

Modified:
    poi/site/src/documentation/content/xdocs/security.xml

Modified: poi/site/src/documentation/content/xdocs/security.xml
URL: http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/security.xml?rev=1919313&r1=1919312&r2=1919313&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/security.xml (original)
+++ poi/site/src/documentation/content/xdocs/security.xml Wed Jul 17 14:18:28 
2024
@@ -67,7 +67,7 @@
         <ul>
             <li><strong>Expect any type of Exception when processing 
documents</strong><br/>
                 As parsing the various formats is very complex and involved, 
there are some unexpected types of
-                exceptions which can be thrown. E.g. StackOverflow or many 
different types of RuntimeException.
+                exceptions which can be thrown. E.g. StackOverflowError or 
many different types of RuntimeException.
                 <br/>
                 Make sure to have a broad catch-statement around your 
document-parsing functionality and be prepared
                 to handle all those gracefully.
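Review bot: With the example now spelled StackOverflowError, the item's heading ("Expect any type of Exception") and the "broad catch-statement" advice in the trailing context no longer match it. StackOverflowError is a java.lang.Error, not an Exception, so a reader who follows the heading and writes catch (Exception e) around the parsing call will not catch the very case named here. Suggest stating that the catch at the parsing boundary has to cover Error subclasses as well (for example by catching Throwable there), or rewording the heading to "Exception or Error".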
@@ -87,9 +87,16 @@
                 streaming APIs.
             </li>
             <li><strong>Consider sandboxing document-parsing</strong><br/>
-                If you operate in a highly sensitive enviornment and would 
like to avoid any side effect from
+                If you operate in a highly sensitive environment and would 
like to avoid any side effect from
                 parsing documents on your application, then consider 
extracting the parsing logic into a separate
                 process which is configured with appropriate memory settings 
and which you stop after some timeout.
+                It is a good idea to be able to auto-restart the process in 
case of a crash.
+                <br />
+            </li>
+            <li><strong>Keep up to date with releases</strong><br/>
+                Apache POI does occasionally issue CVEs for security issues. 
There are also other bug fixes and
+                improvements in each release. Some of these fixes will be to 
make POI more robust against malicious
+                inputs, even if they are not explicitly security-related.
                 <br />
             </li>
         </ul>
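Review bot: The added auto-restart sentence in the sandboxing item does not say what happens to the document that caused the crash. A supervisor that restarts the parser and retries the same input will crash again in a loop. Suggest adding a clause that the offending document should be rejected or set aside rather than resubmitted after the restart. Two smaller points: the new "Keep up to date with releases" item says CVEs are issued but gives no pointer to where they are announced, so a link to the project's advisory list would make it actionable; and the added <br /> directly before </li> in the sandboxing item produces no visible separation and differs from the <br/> spelling used after the <strong> headings.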


