security docs

author PJ Fanning <fanningpj@apache.org>

Tue, 24 Oct 2023 21:50:57 +0000 (21:50 +0000)

committer PJ Fanning <fanningpj@apache.org>

Tue, 24 Oct 2023 21:50:57 +0000 (21:50 +0000)
author PJ Fanning <fanningpj@apache.org>
Tue, 24 Oct 2023 21:50:57 +0000 (21:50 +0000)
committer PJ Fanning <fanningpj@apache.org>
Tue, 24 Oct 2023 21:50:57 +0000 (21:50 +0000)
diff --git a/SECURITY.md b/SECURITY.md

index ef6bdc698861bf1e647c1a9f01ce1de631399255..45892998cd35c05f5e6e0d4bfcee2afe7b39e87e 100644 (file)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,4 +1,9 @@
  # Security
  
  If you suspect you have found a security vulnerability in Apache POI code, please read https://www.apache.org/security/
-for how to report the issue. Please do not report the details publicly until the report is reviewed.
-\ No newline at end of file
+for how to report the issue. Please do not report the details publicly until the report is reviewed.
+
+## Secure Processing
+
+We strongly discourage users of Apache POI from using the lib to parse documents from untrusted sources. For more details,
+please read https://poi.apache.org/security.html.
+\ No newline at end of file
author	PJ Fanning <fanningpj@apache.org>
	Tue, 24 Oct 2023 21:50:57 +0000 (21:50 +0000)
committer	PJ Fanning <fanningpj@apache.org>
	Tue, 24 Oct 2023 21:50:57 +0000 (21:50 +0000)