On 13/05/2026 09:53, Mark Thomas wrote:
On 12/05/2026 21:45, Rémy Maucherat wrote:
On Tue, May 12, 2026 at 6:07 PM Mark Thomas <[email protected]> wrote:
<snip/>
Given this change in circumstances, I think it is worth reconsidering
how we approach security vulnerabilities and releases.
<snip/>
- Run some (which?) AI security scans on the Tomcat code base to try to get
ahead (unlikely) but at least keep up with anything an attacker could find.
I plan to do that (sorry, I started with the javadoc instead ...). It
is important to do it all the time, as soon as a more "capable" model
is released (I'm not sure it is really more capable, but since they're
all quite different they might catch different issues).
I'll see what I can enable in GitHub.
We have 111 issues found by CodeQL. They all look to be false positives.
I am going to start working through the list and resolving them as such.
Mark