blank_issues_enabled: false
contact_links:
  - name: Security Contact
    about: Please report security vulnerabilities to ******@****.***
  - name: Question or Problem
    about: Ask a question or ask about a problem in GitHub Discussions.
    url: https://github.com/fastapi/fastapi/discussions/categories/questions
  - name: Feature Request

        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
        language: ['java']
        # Learn more...
        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
      with:

     * in the data store plugin directory and extracts component class names.
     *
     * <p>The method uses secure XML parsing features to prevent XXE attacks and
     * other XML-based vulnerabilities. Component class names are extracted from
     * the 'class' attribute of 'component' elements in the XML files.</p>
     *
     * @return sorted list of data store class simple names discovered from plugins
     */

import java.util.regex.Pattern;

/**
 * Comprehensive input validation utility for SMB protocol implementation.
 * Provides validation methods to prevent buffer overflows, injection attacks,
 * and other security vulnerabilities.
 */
public final class InputValidator {

    private InputValidator() {
        // Utility class
    }

    // Maximum sizes for various SMB fields (based on protocol specifications)

    * Existing code will break if they update the version without changing their code. This rarely happens, so this label is not frequently used.
* `security`: Security Fixes
    * This is for security fixes, like vulnerabilities. It would almost never be used.
* `feature`: Features
    * New features, adding support for things that didn't exist before.
* `bug`: Fixes

   * delete the file and create a directory in its place, but this leads a race condition which can
   * be exploited to create security vulnerabilities, especially when executable files are to be
   * written into the directory.
   *
   * <p>This method assumes that the temporary volume is writable, has free inodes and free blocks,

   * delete the file and create a directory in its place, but this leads a race condition which can
   * be exploited to create security vulnerabilities, especially when executable files are to be
   * written into the directory.
   *
   * <p>This method assumes that the temporary volume is writable, has free inodes and free blocks,

## Changelog since v1.27.15

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2024-5321: Incorrect permissions on Windows containers logs

A security issue was discovered in Kubernetes clusters with Windows nodes
where BUILTIN\Users may be able to read container logs and NT

## Changelog since v1.29.12

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API

A security vulnerability has been discovered in Kubernetes windows nodes

## Changelog since v1.32.7

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference