Skip to content

Commit e8d293e

Browse files
Trottjasnell
authored andcommitted
doc: revise security-reporting example text
Edit for simplicity and clarity. PR-URL: #23759 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Matheus Marchini <mat@mmarchini.me> Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
1 parent 6a080ab commit e8d293e

File tree

1 file changed

+7
-9
lines changed

1 file changed

+7
-9
lines changed

README.md

+7-9
Original file line numberDiff line numberDiff line change
@@ -175,17 +175,15 @@ nonetheless.
175175
### Public disclosure preferred
176176

177177
- [#14519](https://github.com/nodejs/node/issues/14519): _Internal domain
178-
function can be used to cause segfaults_. Causing program termination using
179-
either the public JavaScript APIs or the private bindings layer APIs requires
180-
the ability to execute arbitrary JavaScript code, which is already the highest
181-
level of privilege possible.
178+
function can be used to cause segfaults_. Requires the ability to execute
179+
arbitrary JavaScript code. That is already the highest level of privilege
180+
possible.
182181

183182
- [#12141](https://github.com/nodejs/node/pull/12141): _buffer: zero fill
184-
Buffer(num) by default_. The buffer constructor behavior was documented,
185-
but found to be prone to [mis-use](https://snyk.io/blog/exploiting-buffer/).
186-
It has since been changed, but despite much debate, was not considered misuse
187-
prone enough to justify fixing in older release lines and breaking our
188-
API stability contract.
183+
Buffer(num) by default_. The documented `Buffer()` behavior was prone to
184+
[misuse](https://snyk.io/blog/exploiting-buffer/). It has since changed. It
185+
was not deemed serious enough to fix in older releases and breaking API
186+
stability.
189187

190188
### Private disclosure preferred
191189

0 commit comments

Comments
 (0)