ok2c commented on code in PR #625:
URL:
https://github.com/apache/httpcomponents-client/pull/625#discussion_r2000702616
##########
httpclient5/src/main/java/org/apache/hc/client5/http/entity/mime/MultipartEntityBuilder.java:
##########
@@ -234,14 +225,12 @@ public MultipartEntityBuilder addBinaryBody(final String
name, final InputStream
}
/**
- * Returns the fixed default boundary value.
- */
- private String getFixedBoundary() {
- return BOUNDARY_PREFIX + "7k9p2m4x8n5j3q6t1r0vwyzabcdefghi";
- }
-
- /**
- * Generates a random boundary using UUID.
+ * Generates a random boundary using UUID. The UUID is a v4 random UUID
generated from a cryptographically-secure
+ * random source.
+ * <p>
+ * A cryptographically-secure random number source is used to avoid
security issues similar to
Review Comment:
@benweissmann Remove references to this CVE. It has nothing to do with the
project.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org
