ppkarwasz commented on PR #540: URL: https://github.com/apache/commons-configuration/pull/540#issuecomment-2643749454
> For 2.x we intend not to allow code execution or DoS issues when loading and processing untrusted configurations. Is it possible? Commons Configuration has features like loading classes by name and JNDI lookups. I don't see how we can prevent code execution on untrusted configurations. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
