Skip to content

Commit

Permalink
doc: revise security-reporting example text
Browse files Browse the repository at this point in the history
Edit for simplicity and clarity.

PR-URL: #23759
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
  • Loading branch information
Trott authored and jasnell committed Oct 22, 2018
1 parent 6a080ab commit e8d293e
Showing 1 changed file with 7 additions and 9 deletions.
16 changes: 7 additions & 9 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -175,17 +175,15 @@ nonetheless.
### Public disclosure preferred

- [#14519](https://github.com/nodejs/node/issues/14519): _Internal domain
function can be used to cause segfaults_. Causing program termination using
either the public JavaScript APIs or the private bindings layer APIs requires
the ability to execute arbitrary JavaScript code, which is already the highest
level of privilege possible.
function can be used to cause segfaults_. Requires the ability to execute
arbitrary JavaScript code. That is already the highest level of privilege
possible.

- [#12141](https://github.com/nodejs/node/pull/12141): _buffer: zero fill
Buffer(num) by default_. The buffer constructor behavior was documented,
but found to be prone to [mis-use](https://snyk.io/blog/exploiting-buffer/).
It has since been changed, but despite much debate, was not considered misuse
prone enough to justify fixing in older release lines and breaking our
API stability contract.
Buffer(num) by default_. The documented `Buffer()` behavior was prone to
[misuse](https://snyk.io/blog/exploiting-buffer/). It has since changed. It
was not deemed serious enough to fix in older releases and breaking API
stability.

### Private disclosure preferred

Expand Down

0 comments on commit e8d293e

Please sign in to comment.