potiuk commented on PR #2923: URL: https://github.com/apache/jackrabbit-oak/pull/2923#issuecomment-4627653868
Thanks @mbaedke, @reschke, @mreutegg, @rishabhdaim — all 11 points are folded; resolving the threads now. Highlights: - **TarMK / `oak-segment-tar`** is now **in-scope** as Oak's own code — a malformed-segment / tar-format parsing bug is an Oak finding, not a "trusted backend" issue (§2 component table, §3, §6). mbaedke's position is folded; **reschke's uncertainty is kept as an explicit open item (§14 Q2a)** for the PMC to settle. - **oak-http / `oak-run server` (:8080)** added as in-model HTTP entry points; the "Oak ships no listener" wording is softened so request-parsing/path/response bugs aren't mis-triaged as host-only (§2 table, §3). - **XXE / XML / SQL2-XPath parsing** is in-model via `Workspace.importXML` / `Session.importXML` and the document/system-view importers (§3/§6). - **JCR-API → Oak-API security-entity mapping** (Privilege/Principal/Authorizable) is in-model — a mis-mapping is a finding (§6). - **Trust boundary** stated explicitly as the JCR `Session` / Oak `ContentSession` API surface (§4). - **Error-leak distinction** (§9.5): leaking the *existence* of unauthorized paths is disclaimed; leaking the *paths* is not. - **Java 17** at HEAD (README outdated, #2927 fixes it); shared Jackrabbit bundles spanning Filevault/Oak noted. The one genuinely-open item is the **TarMK in-scope** question (mbaedke ↔ reschke, §14 Q2a). The model is the PMC's to merge whenever — thanks for the thorough multi-reviewer pass. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
