Sounds like a good idea. Thanks Stefan! Matt On Jul 5, 2013 9:36 AM, "Stefan Bodewig" <bode...@apache.org> wrote:
> Hi all, > > as you most probably know Oracle's javadoc tool prior to Java 7u25 > creates javadocs with a frame injection vulnerability - see > CVE-2013-1571, VU#225657 for details. > > The javadoc task in trunk contains a patch based on code by Uwe > Schindler of the Lucene community that postprocesses javadoc's output, > identifies vulnerable pages and fixes them. > > This is similar to the patch applied to Maven's javadoc plugin which led > to their version 2.9.1. > > Do we want to cut an Ant release to help Ant users to get around the > vulnerability or is the macrodef I've added to the online manual enough > in our view? > > If enough people think we should cut a release then I guess I'm > volunteering to be the RM. > > Stefan > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org > For additional commands, e-mail: dev-h...@ant.apache.org > >