dsoumis commented on code in PR #1001:
URL: https://github.com/apache/tomcat/pull/1001#discussion_r3166353278


##########
SECURITY.md:
##########
@@ -0,0 +1,127 @@
+# Security Policy
+
+## Before You Report - Required Self-Check
+
+**Complete this checklist. If you answer "No" to any question, do not submit a 
report:**
+
+- [ ] I have read the [Tomcat Security 
Model](https://tomcat.apache.org/security-model.html) and my finding doesn't 
require access to config files, binaries, or admin interfaces
+- [ ] I have written a working Tomcat JUnit test case that compiles, runs, and 
demonstrates the vulnerability
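
Review bot: On the added "Complete this checklist" line, the wording 'If you answer "No" to any question' does not match the items that follow, which are checkbox statements rather than questions; something like "If you cannot tick every box, do not submit a report" would fit the list format. The first checkbox also combines two separate conditions (having read the Tomcat Security Model, and the finding not requiring access to config files, binaries, or admin interfaces), so a reporter who meets only one of them has no way to indicate that; splitting it into two items would make the self-check unambiguous.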

Review Comment:
   There may be corner cases that wouldn't be able to be tested through unit 
tests. I recall some recent examples with byte manipulation.


