CHUKWA-689 is filed to track the progress of the doc generation.
On Sun, Jun 30, 2013 at 10:11 AM, Eric Yang <[email protected]> wrote: > First, we need to get pub sub working for our website publishing. I filed > a infrastructure ticket for this: > > https://issues.apache.org/jira/browse/INFRA-6480 > > While this is happening in parallel, we can regenerate: > > https://svn.apache.org/incubator/chukwa/site/publish/docs/r0.1.2/api > https://svn.apache.org/incubator/chukwa/site/publish/docs/r0.3.0/api > https://svn.apache.org/incubator/chukwa/site/publish/docs/r0.4.0/api > https://svn.apache.org/incubator/chukwa/site/publish/docs/r0.5.0/api > > With newer Java. > > Last, we also need to update the latest distribution mechanism in pom.xml > to update svn source tree instead. > > I will take care of doc generation later today, if I find the time. > > regards, > Eric > > > On Sun, Jun 30, 2013 at 8:05 AM, Alan Cabrera <[email protected]>wrote: > >> >> On Jun 24, 2013, at 8:24 PM, Ariel Rabkin <[email protected]> wrote: >> >> > I don't understand how serious a problem this is. Do we need to do >> > anything about this? >> >> This comes as a mandate from security so we must, if we are affected by >> it. >> >> > Anybody want to take the lead and re-compile our javadoc? >> >> /me looks at his shoes and slowly shuffles backward. >> >> Think of this as an opportunity to do another release? :) >> >> >> Regards, >> Alan >> >> > >> > --Ari >> > >> > ---------- Forwarded message ---------- >> > From: Mark Thomas <[email protected]> >> > Date: Thu, Jun 20, 2013 at 4:29 AM >> > Subject: [SECURITY] Frame injection vulnerability in published Javadoc >> > To: [email protected] >> > Cc: [email protected] >> > >> > >> > Hi All, >> > >> > Oracle has announced [1], [2] a frame injection vulnerability in Javadoc >> > generated by Java 5, Java 6 and Java 7 before update 22. >> > >> > The infrastructure team has completed a scan of our current project >> > websites and identified over 6000 instances of vulnerable Javadoc >> > distributed across most TLPs. The chances are the project(s) you >> > contribute to is(are) affected. A list of projects and the number of >> > affected Javadoc instances per project is provided at the end of this >> > e-mail. >> > >> > Please take the necessary steps to fix any currently published Javadoc >> > and to ensure that any future Javadoc published by your project does not >> > contain the vulnerability. The announcement by Oracle includes a link to >> > a tool that can be used to fix Javadoc without regeneration. >> > >> > The infrastructure team is investigating options for preventing the >> > publication of vulnerable Javadoc. >> > >> > The issue is public and may be discussed freely on your project's dev >> list. >> > >> > Thanks, >> > >> > Mark (ASF Infra) >> > >> > >> > >> > [1] >> > >> http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html >> > [2] http://www.kb.cert.org/vuls/id/225657 >> > >> > >> > >> > >> > -- >> > Ari Rabkin [email protected] >> > Princeton Computer Science Department >> >> >
