Ralph Goers created FLUME-2103:
----------------------------------

             Summary: Change Javadoc generation per CVE-2013-1571, VU#225657
                 Key: FLUME-2103
                 URL: https://issues.apache.org/jira/browse/FLUME-2103
             Project: Flume
          Issue Type: Bug
          Components: Docs
    Affects Versions: v1.3.1
            Reporter: Ralph Goers


Oracle has announced a Javadoc vulnerability (CVE-2013-1571 [1], VU#225657 [2]) 
whereby Javadoc generated with Java 5, Java 6, or Java 7 < 7u25 is vulnerable 
to a frame injection attack. Oracle has provided a repair-in-place tool for 
Javadoc that cannot be easily regenerated, but is urging developers to 
regenerate whatever Javadoc they can using Java 7u25. For all practical 
purposes, the vulnerability really only applies to publicly-hosted Javadoc, so 
the Javadoc in our existing Maven artifacts really doesn't have to be worried 
about (not that we could do anything about it).

[1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
[2] http://www.kb.cert.org/vuls/id/225657

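An added example, not part of the JIRA issue or of Flume's code: a small Python check that applies the issue's criterion (Javadoc generated with Java 5, Java 6, or Java 7 before 7u25) to a tree of hosted Javadoc, to find what needs regenerating. It assumes javadoc's generator stamp comment has the forms shown in the code and that each Javadoc set has an `index.html` entry page; the function names are illustrative.

```python
import os
import re

# Assumption: the generator stamp javadoc writes near the top of each page, e.g.
#   <!-- Generated by javadoc (build 1.6.0_45) on ... -->
#   <!-- Generated by javadoc (version 1.7.0_21) on ... -->
STAMP = re.compile(
    r"<!--\s*Generated by javadoc \((?:build |version )?"
    r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?"
)

def javadoc_version(html):
    """Return (feature, update) of the JDK that generated the page, or None."""
    m = STAMP.search(html)
    if m is None:
        return None
    major, minor, _patch, update = m.groups()
    feature = int(minor) if major == "1" else int(major)
    return feature, int(update or 0)

def needs_regeneration(html):
    """True/False per the issue's criterion; None when it cannot be decided."""
    version = javadoc_version(html)
    if version is None:
        return None
    feature, update = version
    if feature in (5, 6):
        return True
    if feature == 7:
        return update < 25
    # Assumption: releases after 7u25 carry the fix; older than 5 is not covered.
    return False if feature > 7 else None

def scan(root):
    """Map each index.html under root to its needs_regeneration() verdict."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        if "index.html" in files:
            path = os.path.join(dirpath, "index.html")
            with open(path, encoding="utf-8", errors="replace") as fh:
                head = fh.read(4096)  # the stamp sits in the first few lines
            results[os.path.relpath(path, root)] = needs_regeneration(head)
    return results

if __name__ == "__main__":
    import sys
    for page, verdict in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(verdict, page)
```

The stamp only records which JDK generated the page, so this check cannot see whether Oracle's repair-in-place tool was applied afterwards; treat a `True` verdict as "regenerate or verify".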