# Vulnerability Management Policy

This document formally describes the process of addressing and managing a
reported vulnerability that has been found in the MinIO server code base,
any directly connected ecosystem component or a direct / indirect dependency
of the code base.

## Scope

The vulnerability management policy described in this document covers the
process of investigating, assessing and resolving a vulnerability report

// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package json

type s3Error struct {
	code       string
	message    string
	statusCode int
	cause      error
}

func (err *s3Error) Cause() error {

   * @throws IllegalArgumentException if {@code distinctElements} is negative
   */
  public static <E extends @Nullable Object> HashMultiset<E> create(int distinctElements) {
    return new HashMultiset<>(distinctElements);
  }

  /**
   * Creates a new {@code HashMultiset} containing the specified elements.
   *
   * <p>This implementation is highly efficient when {@code elements} is itself a {@link Multiset}.
   *

import java.util.StringTokenizer;

/**
 * A <code>URLStreamHandler</code> used to provide NTLM authentication
 * capabilities to the default HTTP handler.  This acts as a wrapper,
 * handling authentication and passing control to the underlying
 * stream handler.
 */
public class Handler extends URLStreamHandler {

    /**
     * The default HTTP port (<code>80</code>).
     */
    public static final int DEFAULT_HTTP_PORT = 80;

the Classpath Exception to the necessary parts of its GPLv2 code, which
permits you to use that code in combination with other independent
modules not licensed under the GPLv2.  However, note that this would
not permit you to commingle code under an incompatible license with
Oracle's GPLv2 licensed code by, for example, cutting and pasting such
code into a file also containing Oracle's GPLv2 licensed code and then

      }

      /**
       * Implementation of completing a task. Either {@code v} or {@code t} will be set but not
       * both. The {@code finalState} is the state to change to from {@link #RUNNING}. If the state
       * is not in the RUNNING state we return {@code false} after waiting for the state to be set

     * {@link #nextElements} if {@code next()} was called more recently then {@code previous},
     * {@link #previousElements} if the reverse is true, or -- overriding both of these -- {@code
     * null} if {@code remove()} or {@code add()} has been called more recently than either. We use
     * this to determine which stack to pop from on a call to {@code remove()} (or to pop from and
     * push to on a call to {@code set()}).
     */

    /**
     * Builds the toolchains model from the configured toolchain files.
     *
     * @param userToolchainsFile The path to the toolchains file, may be <code>null</code> to disable parsing.
     * @return The toolchains model or <code>null</code> if no toolchain file was configured or the configured file does
     *         not exist.
     * @throws MisconfiguredToolchainException If the toolchain file exists but cannot be parsed.

        getMultiset().size());
  }

  /** Call the {@code setCount()} method under test, and check its return value. */
  abstract void setCountCheckReturnValue(E element, int count);

  /**
   * Call the {@code setCount()} method under test, but do not check its return value. Callers
   * should use this method over {@link #setCountCheckReturnValue(Object, int)} when they expect

* They are not synced with the code to reflect the eventual solution that is committed
* Google Docs is not a "code-oriented" tool, like asciidoc can be
* Review in Google Docs is not as simple as a PR code review in GitHub

## Decision