From 47ac0693df267644c3950ec26a23327748f2c5c7 Mon Sep 17 00:00:00 2001 From: Senrian <47714364+Senrian@users.noreply.github.com> Date: Fri, 20 Mar 2026 18:37:39 +0800 Subject: [PATCH 1/2] docs: clarify Immutable Object pattern in Value Object README (fixes #3448) --- value-object/README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/value-object/README.md b/value-object/README.md index 84b8e029debd..e1e8dc3b14d0 100644 --- a/value-object/README.md +++ b/value-object/README.md @@ -18,14 +18,16 @@ tag: ## Also known as -* Embedded Value * Immutable Object +* Embedded Value * Inline Value * Integrated Value -## Intent of Value Object Design Pattern +## Intent of Value Object / Immutable Object Design Pattern -The Value Object pattern in Java creates immutable objects that represent a descriptive aspect of the domain with no conceptual identity. It aims to enhance performance and reduce memory overhead by storing frequently accessed immutable data directly within the object that uses it, rather than separately. +The Value Object pattern (also known as the **Immutable Object pattern**) in Java creates immutable objects that represent a descriptive aspect of the domain with no conceptual identity. It aims to enhance performance and reduce memory overhead by storing frequently accessed immutable data directly within the object that uses it, rather than separately. + +The Immutable Object pattern ensures that an object's state cannot be modified after construction, providing thread-safety and predictability in concurrent scenarios. ## Detailed Explanation of Value Object Pattern with Real-World Examples @@ -146,3 +148,4 @@ Trade-offs: * [J2EE Design Patterns](https://amzn.to/4dpzgmx) * [Patterns of Enterprise Application Architecture](https://amzn.to/3WfKBPR) * [ValueObject (Martin Fowler)](https://martinfowler.com/bliki/ValueObject.html) + From 7122b416b499cc66c7e69944fec1be5abd30fcf1 Mon Sep 17 00:00:00 2001 
From: Senrian <47714364+Senrian@users.noreply.github.com> Date: Fri, 17 Apr 2026 12:55:27 +0800 Subject: [PATCH 2/2] fix: replace Runtime.exec() string concatenation with ProcessBuilder to prevent command injection (CWE-78) --- page-object/src/main/java/com/iluwatar/pageobject/App.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/page-object/src/main/java/com/iluwatar/pageobject/App.java b/page-object/src/main/java/com/iluwatar/pageobject/App.java index a0eda082f726..7c03b65f5f83 100644 --- a/page-object/src/main/java/com/iluwatar/pageobject/App.java +++ b/page-object/src/main/java/com/iluwatar/pageobject/App.java @@ -77,7 +77,8 @@ public static void main(String[] args) { } else { // Java Desktop not supported - above unlikely to work for Windows so try the // following instead... - Runtime.getRuntime().exec("cmd.exe start " + applicationFile); + // Use ProcessBuilder with separate arguments to avoid command injection vulnerability + new ProcessBuilder("cmd.exe", "start", applicationFile.getAbsolutePath()).start(); } } catch (IOException ex) {
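Review bot: The renamed heading "Intent of Value Object / Immutable Object Design Pattern" in the `@@ -18,14 +18,16` hunk of PATCH 1/2 no longer matches the next heading in the context, "Detailed Explanation of Value Object Pattern with Real-World Examples", and any existing link to the old heading anchor will stop resolving. Either keep the original heading and rely on the "Also known as" entry, or rename the headings consistently. The same hunk moves "Immutable Object" above "Embedded Value", which breaks the alphabetical order the list had before. The added paragraph also states that immutability provides thread-safety without qualification; it would be more accurate to say this holds when the fields are final and no mutable reference held by the object escapes.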
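Review bot: The lone `+` blank line appended after the "ValueObject (Martin Fowler)" link in the `@@ -146,3 +148,4` hunk of PATCH 1/2 is an unrelated whitespace change. Drop it so the diff contains only the documentation clarification named in the subject line.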
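Review bot: The argument list in the added line `new ProcessBuilder("cmd.exe", "start", applicationFile.getAbsolutePath()).start();` of PATCH 2/2 has no `/c`, so cmd.exe is not told to run `start` as a command; the removed `Runtime.getRuntime().exec("cmd.exe start " + applicationFile)` line had the same gap and the fix carries it over. Add `"/c"` after `"cmd.exe"`, and pass an explicit empty window-title argument before the path, because `start` treats its first quoted parameter as the title and a path containing spaces will be quoted. The new comment says separate arguments avoid command injection, but that only stops Java from tokenizing a concatenated string: cmd.exe still parses its own command line, so shell metacharacters in the path are not neutralized by this change alone. Where `applicationFile` comes from is not visible in this hunk; if it can be influenced from outside, validate the path or open the file without going through cmd.exe, and adjust the comment to match what the code guarantees.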