Hacker News
False Security
5 points by peterohler 39 days ago
I got bitten yesterday by a PR submitted by Orbis Security that was a one line change that actually did nothing but was used to trumpet what an amazing fix it was for a blog article which was also full of inaccuracies.

The PR was useful though as it showed that the supposed fix was in a function that was never called. I removed it this morning.

The PR if anyone is interested is https://github.com/ohler55/oj/pull/1011

3 comments

I was contacted by the submitter and they apologized and removed the blog entry. It was AI generated. It was nice to see they were upstanding enough to correct it. That's a plus in my book.

It is good to hear that they at least admitted to it and complied.

That's just obnoxious. Do you have a link to the article they created about it?

Well, the blog entry is still there at https://orbisappsec.com/blog/critical-buffer-overflow-in-ojs... but it is total nonsense and a hallucination.