Thanks for taking care of this Eric!
Regards, Alan On Jun 30, 2013, at 1:29 PM, Eric Yang <[email protected]> wrote: > CHUKWA-689 is filed to track the progress of the doc generation. > > > On Sun, Jun 30, 2013 at 10:11 AM, Eric Yang <[email protected]> wrote: > >> First, we need to get pub sub working for our website publishing. I filed >> a infrastructure ticket for this: >> >> https://issues.apache.org/jira/browse/INFRA-6480 >> >> While this is happening in parallel, we can regenerate: >> >> https://svn.apache.org/incubator/chukwa/site/publish/docs/r0.1.2/api >> https://svn.apache.org/incubator/chukwa/site/publish/docs/r0.3.0/api >> https://svn.apache.org/incubator/chukwa/site/publish/docs/r0.4.0/api >> https://svn.apache.org/incubator/chukwa/site/publish/docs/r0.5.0/api >> >> With newer Java. >> >> Last, we also need to update the latest distribution mechanism in pom.xml >> to update svn source tree instead. >> >> I will take care of doc generation later today, if I find the time. >> >> regards, >> Eric >> >> >> On Sun, Jun 30, 2013 at 8:05 AM, Alan Cabrera <[email protected]>wrote: >> >>> >>> On Jun 24, 2013, at 8:24 PM, Ariel Rabkin <[email protected]> wrote: >>> >>>> I don't understand how serious a problem this is. Do we need to do >>>> anything about this? >>> >>> This comes as a mandate from security so we must, if we are affected by >>> it. >>> >>>> Anybody want to take the lead and re-compile our javadoc? >>> >>> /me looks at his shoes and slowly shuffles backward. >>> >>> Think of this as an opportunity to do another release? :) >>> >>> >>> Regards, >>> Alan >>> >>>> >>>> --Ari >>>> >>>> ---------- Forwarded message ---------- >>>> From: Mark Thomas <[email protected]> >>>> Date: Thu, Jun 20, 2013 at 4:29 AM >>>> Subject: [SECURITY] Frame injection vulnerability in published Javadoc >>>> To: [email protected] >>>> Cc: [email protected] >>>> >>>> >>>> Hi All, >>>> >>>> Oracle has announced [1], [2] a frame injection vulnerability in Javadoc >>>> generated by Java 5, Java 6 and Java 7 before update 22. >>>> >>>> The infrastructure team has completed a scan of our current project >>>> websites and identified over 6000 instances of vulnerable Javadoc >>>> distributed across most TLPs. The chances are the project(s) you >>>> contribute to is(are) affected. A list of projects and the number of >>>> affected Javadoc instances per project is provided at the end of this >>>> e-mail. >>>> >>>> Please take the necessary steps to fix any currently published Javadoc >>>> and to ensure that any future Javadoc published by your project does not >>>> contain the vulnerability. The announcement by Oracle includes a link to >>>> a tool that can be used to fix Javadoc without regeneration. >>>> >>>> The infrastructure team is investigating options for preventing the >>>> publication of vulnerable Javadoc. >>>> >>>> The issue is public and may be discussed freely on your project's dev >>> list. >>>> >>>> Thanks, >>>> >>>> Mark (ASF Infra) >>>> >>>> >>>> >>>> [1] >>>> >>> http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html >>>> [2] http://www.kb.cert.org/vuls/id/225657 >>>> >>>> >>>> >>>> >>>> -- >>>> Ari Rabkin [email protected] >>>> Princeton Computer Science Department >>> >>> >>
