Update security.xml

PJ Fanning 2026-02-16 19:59:54 +01:00
parent e340f313bc
commit eafd6c04b8


@ -86,6 +86,14 @@
and writing xlsx files - so if you are working with large xlsx files, you should consider using the
streaming APIs.
</li>
<li><strong>Use of Temp Files</strong><br/>
Apache POI makes significant use of temporary files. You need to ensure that the directory used
for temp files cannot be manipulated or even read by untrusted users.
<br/>
<em>DefaultTempFileCreationStrategy</em> is the default implementation but you can provide your own
strategy implementation. It is possible to configure POI to avoid temp file usage in some parts of
the code.
</li>
<li><strong>Consider sandboxing document-parsing</strong><br/>
If you operate in a highly sensitive environment and would like to avoid any side effect from
parsing documents on your application, then consider extracting the parsing logic into a separate
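Review bot: The new "Use of Temp Files" item tells readers to protect "the directory used for temp files" but never says which directory that is or how to point POI at a different one, so the advice cannot be acted on from this page alone. The same applies to the two sentences after the line break: "you can provide your own strategy implementation" does not say how a custom strategy is registered, and "It is possible to configure POI to avoid temp file usage in some parts of the code" names neither the parts nor the setting. Suggest stating the default location, naming the call or property that installs a replacement for DefaultTempFileCreationStrategy, and either listing the components that can run without temp files or linking to the page that documents them.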