*
   * This class isn't an arbitrary ForwardingImmutableSet because we need to
   * know that calling {@code clone()} during deserialization will return an
   * object that no one else has a reference to, allowing us to guarantee
   * immutability. Hence, we support only {@link EnumSet}.
   */
  private final transient EnumSet<E> delegate;

  private ImmutableEnumSet(EnumSet<E> delegate) {
    this.delegate = delegate;
  }

    /** Configuration key for allowing localhost authentication bypass. */
    protected static final String SPNEGO_ALLOW_LOCALHOST = "spnego.allow.localhost";

    /** Configuration key for prompting NTLM authentication. */
    protected static final String SPNEGO_PROMPT_NTLM = "spnego.prompt.ntlm";

    /** Configuration key for allowing unsecure basic authentication. */

Nesse caso, esse ataque/risco não se aplica a você.

Esse risco e ataque é relevante principalmente quando a aplicação roda na rede local e essa é a única proteção presumida.

## Permitindo Requisições sem Content-Type { #allowing-requests-without-content-type }

Se você precisa dar suporte a clientes que não enviam um cabeçalho `Content-Type`, você pode desativar a verificação estrita definindo `strict_content_type=False`:

 * be registered in {@code META-INF/services/org.apache.maven.api.model.ModelObjectProcessor}.</p>
 *
 * <p>The service is called during model building for all model objects, allowing
 * implementations to decide which objects to process and how to optimize them.</p>
 *
 * @since 4.0.0
 */
public interface ModelObjectProcessor {

    /**

This policy protects our limited review budget, allowing us to invest our attention wisely.

 * different Maven operations. All implementations must be immutable to ensure thread safety
 * and predictable behavior in concurrent environments.
 *
 * @param <S> the type of ProtoSession associated with this request, allowing for
 *           type-safe session handling in specific request implementations
 *
 * @see ProtoSession
 * @see RequestTrace
 * @see Result
 * @since 4.0.0
 */
@Experimental
@Immutable

En ese caso, este ataque/riesgo no aplica a ti.

Este riesgo y ataque es relevante principalmente cuando la app corre en la red local y esa es la única protección asumida.

## Permitir requests sin Content-Type { #allowing-requests-without-content-type }

Si necesitas soportar clientes que no envían un header `Content-Type`, puedes desactivar el chequeo estricto configurando `strict_content_type=False`:

        }
    }

    @Test
    void testNoCliOptionsDoesNotSetSystemProperty() {
        // Simulate the scenario where no CLI options are specified
        // This should NOT call setRootLoggerLevel, allowing configuration file to take effect

        MockInvokerRequest invokerRequest = new MockInvokerRequest(false); // not verbose
        MockOptions options = new MockOptions(false); // not quiet

Ce risque et cette attaque sont surtout pertinents lorsque l’application s’exécute sur le réseau local et que c’est la seule protection supposée.

## Autoriser les requêtes sans Content-Type { #allowing-requests-without-content-type }

Si vous devez prendre en charge des clients qui n’envoient pas d’en-tête `Content-Type`, vous pouvez désactiver la vérification stricte en définissant `strict_content_type=False` :

Embedding a Java runtime in the distribution would provide some benefits, such as allowing the Launcher, Daemon and Workers to run on it, removing the prerequisite of an installed Java runtime.
However, this does not fully remove the prerequisite, as the Wrapper itself would still need an installed Java runtime to execute.