I am planning to use delight-rhino-sandbox in one of my projects. Our requirement is mainly to support a scripting language in a Java application. It seems delight-rhino meets most of our requirements. The main concern our team has is regarding security issues and bug fixes. I see that the library has not been upgraded for a long time.
Is the library going to be fixed and upgraded if any security issues/vulnerabilities are found in the library? If there are security issues in transitive dependencies, are we going to include updated versions of those libraries? If yes, what kind of timeframe can we expect for such an update?
Thanks,
Aditya Kumar
To answer your question: yes, this library will be updated when an issue is raised and a fix is available. Usually this should take around 2 weeks.
If any of the open issues is of specific concern to you, please highlight it, and if there are any dependencies that need updating, please feel welcome to open an issue or a PR.
Note in terms of security, I don't think this sandbox provides 100% isolation (and the same can be said for many sandbox-like environments). I guess it is all a level of tradeoffs. You could for instance run this sandbox code in a Lambda or other isolated compute environment and that should add significantly to the overall security of your system.