On 6/20/13 11:38 AM, Myrna van Lunteren wrote:
Thanks Knut, for your quick action.
I wonder, do we need to do anything regarding this in javadoc in past
releases? Add a comment to the download page
(http://db.apache.org/derby/derby_downloads.html), alert the user list?
I prefer not to create new releases for older branches because it's
such a hassle to create a release.
I think that the old releases contain other, more serious security
vulnerabilities which have been addressed in later distributions. We
don't generally regenerate older releases just because we discover and
fix a vulnerability later on. We don't annotate the download page to
call attention to vulnerabilities in old releases. I don't think that
this defect requires a special response.
We could consider sending a brief note to derby-user, now that we have
fixed our own exposure to this bug.
We have handled other vulnerabilities by including extra instructions in
the release notes for a later release. I think it would be adequate to
write a release note for DERBY-6270 and mark that issue as fixed in
10.10.1.3 and 10.11.0.0 so that users will be alerted when they read the
release notes for our next couple releases.
My $0.02,
-Rick
Myrna
On Thu, Jun 20, 2013 at 4:18 AM, Knut Anders Hatlen (JIRA) <[email protected]> wrote:
[ https://issues.apache.org/jira/browse/DERBY-6270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Knut Anders Hatlen closed DERBY-6270.
-------------------------------------
Resolution: Fixed
Fix Version/s: 10.10.1.2
10.9.2.2
10.8.3.1
10.7.1.4
10.6.2.3
10.5.3.2
10.4.2.1
10.3.3.1
10.2.2.1
The changes seem to have propagated to the web site, so I'm
closing the issue.
> Run Java API Documentation Updater Tool on the published javadocs
> -----------------------------------------------------------------
>
> Key: DERBY-6270
> URL: https://issues.apache.org/jira/browse/DERBY-6270
> Project: Derby
> Issue Type: Bug
> Components: Web Site
> Affects Versions: 10.2.2.0, 10.3.3.0, 10.4.2.0, 10.5.3.0, 10.6.2.1, 10.7.1.1, 10.8.3.0, 10.9.1.0, 10.10.1.1
> Reporter: Knut Anders Hatlen
> Assignee: Knut Anders Hatlen
> Fix For: 10.2.2.1, 10.3.3.1, 10.4.2.1, 10.5.3.2, 10.6.2.3, 10.7.1.4, 10.8.3.1, 10.9.2.2, 10.10.1.2
>
> Attachments: javadoc.diff
>
> The infrastructure team recommends that we update the javadocs
> on the web site to fix a vulnerability. We can either regenerate
> javadocs using JDK 7u25 or use a tool that updates the docs
> in-place. I'll take a look at running the tool, which can be found
> here:
> http://www.oracle.com/technetwork/java/javase/downloads/java-doc-updater-tool-1955731.html