[ 
https://issues.apache.org/jira/browse/PDFBOX-6208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18084167#comment-18084167
 ] 

Maruan Sahyoun commented on PDFBOX-6208:
----------------------------------------

h2. *Changes*

*AGENTS.md:*
 * Added *Sensitive Areas* section listing the seven high-risk subsystems 
(parser, xref, fonts, stream decoding, incremental save, encryption/signatures, 
rendering order)
 * {{StackOverflowException}} → {{StackOverflowError}} (Java bug fix)
 * Security bullet on resource exhaustion now distinguishes general consumption 
from disproportionate amplification, with a forward reference to SECURITY.md 
for the full definition
 * Regression test line upgraded from "add JUnit tests" to "include a minimal 
reproducer document where practical"
 * Added dependency policy line to contribution guidelines

*SECURITY.md:*
 * {{StackOverflowError}} fix applied here too
 * "Known limitations" paragraph rewritten to distinguish general exhaustion 
from amplification attacks (tenant starvation, tiny-input-triggers-catastrophe)
 * New *Deployment and sandboxing* paragraph making operator responsibility 
explicit for multi-tenant/server-side deployments
 * Classpath section expanded to cover security providers, classloaders, and 
dependency resolution
 * DoS policy uses softer "generally out of scope" rather than an absolute 
rule, with concrete examples of what _would_ qualify
 * CVE table note added: "covers 1.8.x and 2.0.x — see blog for 3.0.x"

> Create support files for AI tooling
> -----------------------------------
>
>                 Key: PDFBOX-6208
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-6208
>             Project: PDFBox
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 2.0.36, 3.0.7 PDFBox, 4.0.0
>            Reporter: Maruan Sahyoun
>            Priority: Major
>         Attachments: AGENTS-0.2.0.md, AGENTS.md, SECURITY-0.2.0.md, 
> SECURITY.md
>
>
> To better support AI tooling, create support files such as AGENTS.md and 
> SECURITY.md to provide info and guidelines for AI agents and coding support


