yawkat commented on issue #2536: URL: https://github.com/apache/pekko/issues/2536#issuecomment-3601372811
FYI, the combination fastestInstance().safeDecompressor() is secure *as long as the JNI implementation is used*. For the JNI implementation, only .fastDecompressor() is problematic. However, if JNI is not used, e.g. on an unsupported platform or because library loading fails for another reason, fastestInstance will fall back to the Unsafe-based implementation where safeDecompressor is *not* secure. So most of your users are probably fine, but it's best to update anyway to avoid an insecure fallback.
