wgtmac opened a new pull request, #2632:
URL: https://github.com/apache/orc/pull/2632

   ### What changes were proposed in this pull request?
   This PR adds a new "Threat Model" section to the project's Security 
documentation (`site/security/index.md`). 
   The new section outlines:
   1. The trusted vs. untrusted data boundaries for the `orc` library.
   2. The distinction between robustness issues (e.g., crashes or Out-Of-Bounds 
reads caused by maliciously fuzzed files) and actual security vulnerabilities.
   3. The responsibilities of the low-level parsing library versus the data 
ingestion layer.
   
   ### Why are the changes needed?
   This update is needed to align Apache ORC's security threat model with other 
foundational data format libraries like Apache Arrow. 
   
   The community occasionally receives reports from fuzzing tools regarding 
crashes, OOMs, or memory issues caused by parsing maliciously corrupted files. 
This documentation clarifies our stance: because `orc` is a low-level format 
library designed for trusted environments, parsing malformed files that cause a 
crash (without leading to Remote Code Execution or bypassing a defined security 
boundary) is considered a normal software bug (a robustness issue) rather than 
a security vulnerability (CVE). 
   
   This will help avoid overwhelming maintainers with non-exploitable CVEs and 
set clear expectations for security researchers.
   
   ### How was this patch tested?
   This is a documentation-only change updating the website Markdown. No 
functional code changes were introduced.
   
   ### Was this patch authored or co-authored using generative AI tooling?
   Generated-by: Gemini 3.1 Pro
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to