Skip to content

Add security considerations and best practices for processing XML and YAML, including examples and detailed mitigations against XXE and RCE vulnerabilities. Introduce new security documentation sections for serialization formats and updated threat model. #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Splatcrafter merged 1 commit into from
Jan 31, 2026
Merged

Add security considerations and best practices for processing XML and YAML, including examples and detailed mitigations against XXE and RCE vulnerabilities. Introduce new security documentation sections for serialization formats and updated threat model. #63

Splatcrafter merged 1 commit into from
Jan 31, 2026

Conversation

@Splatcrafter
Copy link
Member

@Splatcrafter Splatcrafter commented Jan 31, 2026

Summary

This PR adds security documentation for safe guidance through configuring input parsers for JSON, YAML and all other formats.

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Refactoring
  • Documentation
  • Build / CI

Related Issues

Closes #40 - [Feature]: Security Documentation for Untrusted Data

Changes

  • added documentation for security configuration

Verification

  • Unit tests added/updated
  • Existing tests pass
  • Manual verification performed (if applicable)

Breaking Changes

No breaking changes were made in this PR.

Checklist

  • Code follows project conventions
  • Public APIs are documented
  • Tests cover new behavior
  • No unnecessary dependencies added

@Splatcrafter
Add security considerations and best practices for processing XML and…
f9df5c1 
… YAML, including examples and detailed mitigations against XXE and RCE vulnerabilities. Introduce new security documentation sections for serialization formats and updated threat model.
@Splatcrafter Splatcrafter requested a review from a team as a code owner January 31, 2026 21:18
@Splatcrafter Splatcrafter requested a review from a team January 31, 2026 21:18
@Splatcrafter Splatcrafter self-assigned this Jan 31, 2026
@Splatcrafter Splatcrafter added the documentation Improvements or additions to documentation label Jan 31, 2026
@github-actions
Copy link

github-actions bot commented Jan 31, 2026

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@Splatcrafter Splatcrafter merged commit 3adce06 into develop Jan 31, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Splatcrafter Splatcrafter

Labels

documentation Improvements or additions to documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Splatcrafter