Security VulnerabilitiesFor information about reporting or asking questions about security, please see the security page of the Apache Commons project. Security ModelGenerally, Apache Commons libraries do not support possibly-malicious input unless otherwise specified. Processing untrusted image material is supported to some extent: this should never lead to code execution. However, this component currently does not guarantee the absence of DoS conditions, and that any applications processing untrusted images should be made resilient against memory, CPU and stack exhaustion problems. If you encounter specific cases where certain inputs lead to disproportionate resource usage, we welcome those as regular (non-security) issues or contributions. If you'd like to participate in putting together general protections against such problems, in particular this issue could be a good start. |