I did it already :-)
See http://svn.apache.org/viewvc?view=revision&revision=1494942
I checked out the site tree and applied the tool provided by Oracle.

2013/6/23 Brent Atkinson <brent.atkin...@gmail.com>:
> Hi Louis,
>
> Frame injection sounds technical, it's basically that someone can hijack
> someone's site that uses frames to present their own content and try a
> social engineering attack that takes advantage of a user's trust of the
> site's authenticity. Someone can essentially put their own content in your
> html frameset and try to convince the user to do things.
>
> Using enforcer would be to prevent people from publishing docs using java
> versions that produce vulnerable docs.
>
> Brent
>
>
> On Sat, Jun 22, 2013 at 12:06 PM, Louis Smith <dr.louis.sm...@gmail.com> wrote:
>
>> You're a braver man than I - I wouldn't attempt it... not even sure how
>> enforcer could be used, or how to deal with the frame injection. I need to
>> go study up on that one...
>>
>> Good Luck!!
>>
>>
>> On Sat, Jun 22, 2013 at 11:58 AM, Brent Atkinson <batkin...@apache.org> wrote:
>>
>> > Greetings,
>> >
>> > I have some time to patch frame injection vulnerability in the project
>> > javadocs. Since this is the first time publishing the docs, I'd like
>> > someone to verify the process for me. From
>> > http://continuum.apache.org/development/publishing-site.html it appears
>> > that I:
>> >
>> > * check out the source under
>> > http://svn.apache.org/repos/asf/continuum/site-publish
>> > * patch the docs
>> > * run "mvn site site:stage scm-publish:publish-scm"
>> >
>> > That should update the existing docs.
>> >
>> > How should we ensure new docs don't get published with the vulnerability?
>> > Would that be something we'd do with enforcer and require versions?
>> >
>> > Brent
>> >
>>
>>
>>
>> --
>> Dr. Louis Smith, ThD
>> Chief Technology Officer, Kyra InfoTech
>> Museum Director, Veterans Memorial Railroad
>>

--
Olivier Lamy
Ecetera: http://ecetera.com.au
http://twitter.com/olamy | http://linkedin.com/in/olamy
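
One way to check a staged site tree before publishing, which is the question raised in the quoted message. This is an added example, not part of the thread, the Continuum project, or the Oracle tool. The regexes and the validator name `validURL` are assumptions about what an unpatched frame page looks like, and the sample pages are constructed.

```python
import re
import sys
import tempfile
from pathlib import Path

# Heuristic markers (assumptions, not taken from the thread).
FRAMESET = re.compile(r"<frameset\b", re.I)
READS_QUERY = re.compile(r"location\.search")
SETS_LOCATION = re.compile(r"\.location(?:\.href)?\s*=(?!=)")

def is_suspect(html, validator="validURL"):
    """True if a frameset page feeds the query string into a frame location
    and never calls the named validation function (assumed name)."""
    if not FRAMESET.search(html):
        return False
    if not (READS_QUERY.search(html) and SETS_LOCATION.search(html)):
        return False
    return f"{validator}(" not in html

def scan(root, validator="validURL"):
    """Return sorted relative paths of suspect .html files under root."""
    root = Path(root)
    return sorted(
        p.relative_to(root).as_posix() for p in root.rglob("*.html")
        if is_suspect(p.read_text(encoding="utf-8", errors="replace"), validator))

# Constructed sample pages: one unchecked frame loader, one with a check.
UNCHECKED = """<html><head><script>
targetPage = "" + window.location.search;
if (targetPage != "") targetPage = targetPage.substring(1);
function loadFrames() { top.classFrame.location = top.targetPage; }
</script></head><frameset cols="20%,80%" onload="loadFrames()">
<frame src="overview.html" name="classFrame"></frameset></html>"""
CHECKED = UNCHECKED.replace(
    "function loadFrames() {",
    r"function validURL(u) { return /^[\w.\/-]+\.html$/.test(u); } "
    "function loadFrames() { if (!validURL(targetPage)) return;")

def demo():
    """Build a small constructed site tree and scan it."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("apidocs", UNCHECKED), ("patched", CHECKED)):
            Path(d, name).mkdir()
            Path(d, name, "index.html").write_text(body, encoding="utf-8")
        Path(d, "apidocs", "overview.html").write_text("<html></html>")
        return scan(d)

if __name__ == "__main__":
    hits = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print("\n".join(hits) or "no suspect frame pages")
    sys.exit(1 if hits else 0)
```

Run against the staged site directory before the publish step, the non-zero exit status can fail the build when a suspect page is found.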