implementation bugs that might allow attackers to leave malicious code running
and leak or tamper with applications from other users. Please report
vulnerabilities to the vendor of the affected hardware accelerator.

## Reporting vulnerabilities

### Vulnerabilities in TensorFlow

This document covers different use cases for TensorFlow together with comments

blank_issues_enabled: false
contact_links:
  - name: Security Contact
    about: Please report security vulnerabilities to ******@****.***
  - name: Question or Problem
    about: Ask a question or ask about a problem in GitHub Discussions.
    url: https://github.com/fastapi/fastapi/discussions/categories/questions
  - name: Feature Request

visit the [forums](https://discuss.elastic.co/c/elasticsearch).  Please also
check your OS is [supported](https://www.elastic.co/support/matrix#show_os).
If it is not, the issue is likely to be closed.

For security vulnerabilities please only send reports to ******@****.***.
See https://www.elastic.co/community/security for more information.

Please fill in the following details to help us reproduce the bug:
-->

*   Fixes vulnerabilities caused by incomplete validation in `SparseAdd`
    ([CVE-2021-29609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29609))
*   Fixes vulnerabilities caused by incomplete validation in
    `SparseSparseMinimum`
    ([CVE-2021-29607](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29607))
*   Fixes vulnerabilities caused by incomplete validation in `SparseReshape`

        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
        language: ['java']
        # Learn more...
        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.

- **Security:**
Java serialization poses security risks, especially related to deserialization vulnerabilities.

- **Version Compatibility:**
With Java serialization, even minor changes to a class (like adding a field) can break compatibility.

- **Cross-Language Compatibility:**

     * The Kryo instances are configured to require class registration for security,
     * preventing deserialization of arbitrary classes that could lead to RCE vulnerabilities.
     * Only explicitly registered classes can be serialized/deserialized.
     * </p>
     */
    public DataSerializer() {
        kryoThreadLocal = ThreadLocal.withInitial(() -> {

        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
        language: ['java', 'javascript']
        # Learn more...
        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

    steps:
    - name: Checkout repository
      uses: actions/checkout@v6

     * in the data store plugin directory and extracts component class names.
     *
     * <p>The method uses secure XML parsing features to prevent XXE attacks and
     * other XML-based vulnerabilities. Component class names are extracted from
     * the 'class' attribute of 'component' elements in the XML files.</p>
     *
     * @return sorted list of data store class simple names discovered from plugins
     */

            oneWay = OneWayCryptographer.createSha512Cryptographer();
        } else if ("md5".equalsIgnoreCase(digestAlgorithm)) {
            logger.warn("MD5 digest is deprecated due to its collision vulnerabilities. Please consider migrating to SHA-256. algorithm={}",
                    digestAlgorithm);
            oneWay = new OneWayCryptographer("MD5", OneWayCryptographer.ENCODING_UTF8);
        } else {