Skip to content

Commit 0ba49fe

Browse files
Trotttargos
authored andcommitted
doc: remove problematic example from README
Remove Buffer constructor example from security reporting examples. Even though the example text focuses on API compatibility, the pull request cited is about zero-filling vs. not zero-filling, which is not an API compatibility change (or at least is not unambiguously one). The fact that it's a pull request is also problematic, since it's not reporting a security issue but instead proposing a way to address one that has already been reported publicly. Finally, the text focuses on the fact that it was not deemed worth of backporting, but that was determined by a vote by a divided CTC. It is unreasonable to ask someone reporting an issue to make a determination that the CTC/TSC is divided on. In short, it's not a good example for the list it is in. Remove it. Refs: #23759 (comment) PR-URL: #23817 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
1 parent d808d27 commit 0ba49fe

File tree

1 file changed

+0
-6
lines changed

1 file changed

+0
-6
lines changed

README.md

-6
Original file line numberDiff line numberDiff line change
@@ -179,12 +179,6 @@ nonetheless.
179179
arbitrary JavaScript code. That is already the highest level of privilege
180180
possible.
181181

182-
- [#12141](https://github.com/nodejs/node/pull/12141): _buffer: zero fill
183-
Buffer(num) by default_. The documented `Buffer()` behavior was prone to
184-
[misuse](https://snyk.io/blog/exploiting-buffer/). It has since changed. It
185-
was not deemed serious enough to fix in older releases and breaking API
186-
stability.
187-
188182
### Private disclosure preferred
189183

190184
- [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/):

0 commit comments

Comments
 (0)