That explains why there were no vulnerabilities found. Thanks Olivier!
On Thu, Jun 27, 2013 at 1:05 AM, Olivier Lamy <ol...@apache.org> wrote:
> I did it already :-)
> See http://svn.apache.org/viewvc?view=revision&revision=1494942
> I checked out the site tree and applied the tool provided by Oracle.
>
> 2013/6/23 Brent Atkinson <brent.atkin...@gmail.com>:
> > Hi Louis,
> >
> > Frame injection sounds technical, it's basically that someone can hijack
> > someone's site that uses frames to present their own content and try a
> > social engineering attack that takes advantage of a user's trust of the
> > site's authenticity. Someone can essentially put their own content in your
> > html frameset and try to convince the user to do things.
> >
> > Using enforcer would be to prevent people from publishing docs using java
> > versions that produce vulnerable docs.
> >
> > Brent
> >
> >
> > On Sat, Jun 22, 2013 at 12:06 PM, Louis Smith <dr.louis.sm...@gmail.com> wrote:
> >
> >> You're a braver man than I - I wouldn't attempt it... not even sure how
> >> enforcer could be used, or how to deal with the frame injection. I need to
> >> go study up on that one...
> >>
> >> Good Luck!!
> >>
> >>
> >> On Sat, Jun 22, 2013 at 11:58 AM, Brent Atkinson <batkin...@apache.org> wrote:
> >>
> >> > Greetings,
> >> >
> >> > I have some time to patch frame injection vulnerability in the project
> >> > javadocs. Since this is the first time publishing the docs, I'd like
> >> > someone to verify the process for me. From
> >> > http://continuum.apache.org/development/publishing-site.html it appears
> >> > that I:
> >> >
> >> > * check out the source under
> >> >   http://svn.apache.org/repos/asf/continuum/site-publish
> >> > * patch the docs
> >> > * run "mvn site site:stage scm-publish:publish-scm"
> >> >
> >> > That should update the existing docs.
> >> >
> >> > How should we ensure new docs don't get published with the vulnerability?
> >> > Would that be something we'd do with enforcer and require versions?
> >> >
> >> > Brent
> >> >
> >>
> >>
> >>
> >> --
> >> Dr. Louis Smith, ThD
> >> Chief Technology Officer, Kyra InfoTech
> >> Museum Director, Veterans Memorial Railroad
> >>
> >
>
> --
> Olivier Lamy
> Ecetera: http://ecetera.com.au
> http://twitter.com/olamy | http://linkedin.com/in/olamy