Add a reference to safe deserlialization

garydgregory · garydgregory · commit 538d129a5f6f · 2026-03-19T23:46:34.000Z
diff --git a/src/site/xdoc/security.xml b/src/site/xdoc/security.xml
@@ -1,45 +1,49 @@
 <?xml version="1.0"?>
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file
-    distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under
-    the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may
-    obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to
-    in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
-    ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under
-    the License. -->
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional 
+  information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except 
+  in compliance with the License. You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to 
+  in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See 
+  the License for the specific language governing permissions and limitations under the License. -->
 <document>
-    <properties>
-        <title>Apache Commons Crypto Security Reports</title>
-        <author email="dev@commons.apache.org">Commons Team</author>
-    </properties>
-    <body>
-        <section name="Security Vulnerabilities">
-            <p>
-                For information about reporting or asking questions about
-                security, please see the
-                <a href="https://commons.apache.org/security.html">security page</a>
-                of the Apache Commons project.
-            </p>
-            <p>
-                This page lists all security vulnerabilities fixed in released versions of this component.
-            </p>
+  <properties>
+    <title>Apache Commons Crypto Security Reports</title>
+    <author email="dev@commons.apache.org">Commons Team</author>
+  </properties>
+  <body>
+    <section name="Security Vulnerabilities">
+      <p>
+        For information about reporting or asking questions about
+        security, please see the
+        <a href="https://commons.apache.org/security.html">security page</a>
+        of the Apache Commons project.
+      </p>
+      <p>
+        This page lists all security vulnerabilities fixed in released versions of this component.
+      </p>
 
-            <p>
-                Please note that binary patches are never provided. If you need to apply a source code patch, use the
-                building instructions for the component version that you are using.
-            </p>
+      <p>
+        Please note that binary patches are never provided. If you need to apply a source code patch, use the
+        building instructions for the component version that you are using.
+      </p>
 
-            <p>
-                If you need help on building this component or other help on following the instructions to
-                mitigate the known vulnerabilities listed here, please send your questions to the public
-                <a href="mail-lists.html">user mailing list</a>.
-            </p>
+      <p>
+        If you need help on building this component or other help on following the instructions to
+        mitigate the known vulnerabilities listed here, please send your questions to the public
+        <a href="mail-lists.html">user mailing list</a>
+        .
+      </p>
 
-            <p>
-                If you have encountered an unlisted security vulnerability or other unexpected behavior that has security
-                impact, or if the descriptions here are incomplete, please report them privately to the Apache Security
-                Team. Thank you.
-            </p>
+      <p>
+        If you have encountered an unlisted security vulnerability or other unexpected behavior that has security
+        impact, or if the descriptions here are incomplete, please report them privately to the Apache Security
+        Team. Thank you.
+      </p>
 
-         </section>
-    </body>
+    </section>
+    <section name="Safe Deserialization">
+      <p>
+      For information about safe deserialization, please see <a href="https://commons.apache.org/io/description.html#Safe_Deserialization">Safe Deserialization</a>.
+      </p>
+    </section>
+  </body>
 </document>
