Applicability of CVE-2018-14721

My project uses different versions of the jackson library at a number of places, and a security scanner flagged that the binary is vulnerable to CVE-2018-14721. My reading is that the vulnerability is about deserialization of axis2-jaxws classes resulting in SSRF.

Is this CVE applicable if axis2 is not used in the project? Is this CVE applicable to jackson-mapper-lgpl:1.9.3?

Applicability of Single Responsibility Principle

I recently came by a seemingly trivial architectural problem. I had a simple repository in my code that was called like this (code is in C#):

    var user = /* create user somehow */;
    _userRepository.Add(user);
    /* do some other stuff */
    _userRepository.SaveChanges();

SaveChanges was a simple wrapper that commits changes to database:

    void SaveChanges()
    {
        _dataContext.SaveChanges();
        _logger.Log("User DB updated: " + someImportantInfo);
    }

Then, after some time, I needed to implement new logic that would send email notifications every time a user was created in the system. Since there were many calls to _userRepository.Add() and SaveChanges around the system, I decided to update SaveChanges like this:

    void SaveChanges()
    {
        _dataContext.SaveChanges();
        _logger.Log("User DB updated: " + someImportantInfo);
        // Raise one event per user added in this save
        foreach (var newUser in _dataContext.GetAddedUsers())
        {
            _eventService.RaiseEvent(new UserCreatedEvent(newUser));
        }
    }

This way, external code could subscribe to UserCreatedEvent and handle the needed business logic that would send notifications.

But it was pointed out to me that my modification of SaveChanges violated the Single Responsibility principle, and that SaveChanges should just save and not fire any events.

Is this a valid point? It seems to me that raising an event here is essentially the same thing as logging: just adding some side functionality to the function. And SRP does not prohibit you from using logging or firing events in your functions, it just says that such logic should be encapsulated in other classes, and it is OK for a repository to call these other classes.

Where can I publish this new math paper whose main significance is its applicability to a field other than mathematics?

I have come up with a new function fitting method, where we fit a function to given data. I have described the mathematics of it, and proved relevant theorems to show how it works. The sole importance of this method is its applications to machine learning. If I go to mathematicians, they are saying that the theorems are right, but the mathematics of it is nothing unusual but expected. They don’t readily know much about Machine Learning, and have no inclination to know. So it’s difficult to impress a math journal editor for a publication acceptance. So the mathematicians are advising to go to machine learning experts. On the other hand, if I go to machine learning experts, they are reluctant to comment, as they don’t readily understand the relevant math (unless they take some time and refer to a few books). Moreover the concept is a bit counterintuitive to the latest beliefs in machine learning world, where almost everyone believes that the ML problems are to be solved in very high dimensions, and most of the successful tools like deep convolutional neural networks or the traditional kernel methods or the graph based methods, are designed, keeping high dimensions in mind and over the belief that the ML problems can only be solved in very high dimensions. My method calls for solving in as low dimensions as possible, requiring traditional domain knowledge based feature representation combined with dimensionality reduction tools, as pre-processors to reduce dimensions. So if I talk about my method to ML people, they might say that ML problems are best solved in very high dimensions, so my method being virtually impractical for very high dimensions, they deem it useless for machine learning.

I am able to apply my method and demonstrate, for solving a few ML datasets of the likes of IRIS. I am also able to show the inner workings of my method through visualizations on simulated datasets in 2 dimensions, just for the sake of illustration.

I need better workstations and some time and funding to apply and solve harder ML problems, for which I need some support and funding, which is possible only if someone buys my idea and sponsors, as a form of startup. My strategy is to first publish this mathematical method of function fitting, in a math journal, so that it gets some authenticity and helps me get some serious attention from ML experts for providing labs/infrastructure or attract venture capitalists for a startup.

Appreciate some suggestions whether my strategy is a good idea. If so, what are some math journals I can target for this purpose? I don’t expect to go to mathematicians and say that I have done something incredible, but I just want to garner enough interest to get published in a decent journal, so that it will be easy for me to gather attention from ML world.

What is the scope of Reflex Boosters’ applicability (in terms of skills/action)?

The Stunt’s effect description reads:

You can activate reflex boosters to gain a +2 to physical actions where enhanced neural speed and reaction time come into play.

What is that supposed to apply to, and what is it not? Because if I take the description at face value, enhanced neural speed and reaction time is important in a lot of activities – at a minimum, all dodge rolls, most Fight rolls, the more action-heavy Pilot rolls, and arguably some of the Shoot rolls and who-goes-first resolutions.

Also, should ‘activate’ in Stunt descriptions generally be interpreted to mean it requires spending an action and/or a FP?

(For now I told my players to assume that Reflex Booster as described in the RAW is unavailable, and that they should negotiate a more specific bonus instead, at least until I figure out what its scope can reasonably be.)