First, we need to get pub sub working for our website publishing. I filed a infrastructure ticket for this:
https://issues.apache.org/jira/browse/INFRA-6480 While this is happening in parallel, we can regenerate: https://svn.apache.org/incubator/chukwa/site/publish/docs/r0.1.2/api https://svn.apache.org/incubator/chukwa/site/publish/docs/r0.3.0/api https://svn.apache.org/incubator/chukwa/site/publish/docs/r0.4.0/api https://svn.apache.org/incubator/chukwa/site/publish/docs/r0.5.0/api With newer Java. Last, we also need to update the latest distribution mechanism in pom.xml to update svn source tree instead. I will take care of doc generation later today, if I find the time. regards, Eric On Sun, Jun 30, 2013 at 8:05 AM, Alan Cabrera <[email protected]> wrote: > > On Jun 24, 2013, at 8:24 PM, Ariel Rabkin <[email protected]> wrote: > > > I don't understand how serious a problem this is. Do we need to do > > anything about this? > > This comes as a mandate from security so we must, if we are affected by it. > > > Anybody want to take the lead and re-compile our javadoc? > > /me looks at his shoes and slowly shuffles backward. > > Think of this as an opportunity to do another release? :) > > > Regards, > Alan > > > > > --Ari > > > > ---------- Forwarded message ---------- > > From: Mark Thomas <[email protected]> > > Date: Thu, Jun 20, 2013 at 4:29 AM > > Subject: [SECURITY] Frame injection vulnerability in published Javadoc > > To: [email protected] > > Cc: [email protected] > > > > > > Hi All, > > > > Oracle has announced [1], [2] a frame injection vulnerability in Javadoc > > generated by Java 5, Java 6 and Java 7 before update 22. > > > > The infrastructure team has completed a scan of our current project > > websites and identified over 6000 instances of vulnerable Javadoc > > distributed across most TLPs. The chances are the project(s) you > > contribute to is(are) affected. A list of projects and the number of > > affected Javadoc instances per project is provided at the end of this > > e-mail. > > > > Please take the necessary steps to fix any currently published Javadoc > > and to ensure that any future Javadoc published by your project does not > > contain the vulnerability. The announcement by Oracle includes a link to > > a tool that can be used to fix Javadoc without regeneration. > > > > The infrastructure team is investigating options for preventing the > > publication of vulnerable Javadoc. > > > > The issue is public and may be discussed freely on your project's dev > list. > > > > Thanks, > > > > Mark (ASF Infra) > > > > > > > > [1] > > > http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html > > [2] http://www.kb.cert.org/vuls/id/225657 > > > > > > > > > > -- > > Ari Rabkin [email protected] > > Princeton Computer Science Department > >
