rs such as Sonatype's maven-central. In other words, that's a
different class of attack and is not something that the SM, at least for
this use-case, is meant to mitigate.
--Reinier Zwitserloot
On Thu, 22 Apr 2021 at 19:43, Ron Pressler wrote:
>
>
> On 22 Apr 2021, at
stom FileSystem
implementation some code that does stack trace introspection to try to make
this happen and that still doesn't address the `java.io.File` API.
--Reinier Zwitserloot
On Sat, 17 Apr 2021 at 16:54, Alan Bateman wrote:
> On 16/04/2021 02:29, Reinier Zwitserloot wrote:
figure
out, quickly, that ZXING is not doing what you thought it did.
NB: Just to be clear, zxing _does not_ make any network calls. The library
generates PNGs with QR codes as you would expect. But it makes for a
plausible hypothetical, I think.
--Reinier Zwitserloot
On Fri, 16 Apr 2021
o give any conclusive answers.
It's analogous to finding code that configures how your log backends are
set up on GitHub: almost no Java project on there does it, because
libraries aren't supposed to, and most of the projects are libraries.
--Reinier Zwitserloot
On Fri, 16 Apr 2021 a
ere an application may
want to monitor or deny what it triggers on when a library is doing it that
you don't want it to or did not expect to.
--Reinier Zwitserloot