Skip to content

Commit

Permalink
doc: remove problematic example from README
Browse files Browse the repository at this point in the history
Remove Buffer constructor example from security reporting examples. Even
though the example text focuses on API compatibility, the pull request
cited is about zero-filling vs. not zero-filling, which is not an API
compatibility change (or at least is not unambiguously one). The fact
that it's a pull request is also problematic, since it's not reporting a
security issue but instead proposing a way to address one that has
already been reported publicly. Finally, the text focuses on the fact
that it was not deemed worth of backporting, but that was determined by
a vote by a divided CTC. It is unreasonable to ask someone reporting an
issue to make a determination that the CTC/TSC is divided on.

In short, it's not a good example for the list it is in. Remove it.

Refs: #23759 (comment)

PR-URL: #23817
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Trivikram Kamat <[email protected]>
  • Loading branch information
Trott authored and MylesBorins committed Nov 29, 2018
1 parent 1921865 commit 8b358ec
Showing 1 changed file with 0 additions and 6 deletions.
6 changes: 0 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -179,12 +179,6 @@ nonetheless.
arbitrary JavaScript code. That is already the highest level of privilege
possible.

- [#12141](https://github.com/nodejs/node/pull/12141): _buffer: zero fill
Buffer(num) by default_. The documented `Buffer()` behavior was prone to
[misuse](https://snyk.io/blog/exploiting-buffer/). It has since changed. It
was not deemed serious enough to fix in older releases and breaking API
stability.

### Private disclosure preferred

- [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/):
Expand Down

0 comments on commit 8b358ec

Please sign in to comment.