author | Rich Trott <rtrott@gmail.com> | 2018-10-19 11:07:50 -0700 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2018-10-21 18:48:42 -0700 |
commit | 2fc075229e7c6a9955e63897de1564fad7d53056 (patch) | |
tree | daf7fd7dc2ba12559532ab542e457ee3e501f103 /README.md | |
parent | 3b7f9bc761091785fb74109487c2be01dbc37857 (diff) | |
doc: revise security-reporting example text
Edit for simplicity and clarity.
PR-URL: https://github.com/nodejs/node/pull/23759
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 16 |
1 files changed, 7 insertions, 9 deletions
@@ -175,17 +175,15 @@ nonetheless. ### Public disclosure preferred - [#14519](https://github.com/nodejs/node/issues/14519): _Internal domain - function can be used to cause segfaults_. Causing program termination using - either the public JavaScript APIs or the private bindings layer APIs requires - the ability to execute arbitrary JavaScript code, which is already the highest - level of privilege possible. + function can be used to cause segfaults_. Requires the ability to execute + arbitrary JavaScript code. That is already the highest level of privilege + possible. - [#12141](https://github.com/nodejs/node/pull/12141): _buffer: zero fill - Buffer(num) by default_. The buffer constructor behavior was documented, - but found to be prone to [mis-use](https://snyk.io/blog/exploiting-buffer/). - It has since been changed, but despite much debate, was not considered misuse - prone enough to justify fixing in older release lines and breaking our - API stability contract. + Buffer(num) by default_. The documented `Buffer()` behavior was prone to + [misuse](https://snyk.io/blog/exploiting-buffer/). It has since changed. It + was not deemed serious enough to fix in older releases and breaking API + stability. ### Private disclosure preferred |
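Review bot: In the added text of the #12141 bullet, "It was not deemed serious enough to fix in older releases and breaking API stability" no longer parses, because "breaking" was left over from the removed "to justify fixing ... and breaking" construction. Either restore the verb ("not deemed serious enough to justify fixing in older releases and breaking API stability") or rephrase as "to fix in older releases at the cost of API stability". In the same bullet, "It has since changed" follows a sentence whose subject is the documented `Buffer()` behavior, so it reads as if the documentation changed; "The behavior has since changed" would be clearer. In the #14519 bullet, the added "Requires the ability to execute arbitrary JavaScript code." is a fragment with no subject: the removed lines said that it is causing program termination through the public JavaScript APIs or the private bindings layer that requires this, and that is the reasoning for listing the issue under public disclosure. A short subject such as "Causing the segfault requires ..." would keep that reasoning without restoring the full sentence.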