[
https://issues.apache.org/jira/browse/FLUME-2103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13692405#comment-13692405
]
Ralph Goers commented on FLUME-2103:
------------------------------------
The live site has been patched.
> Change Javadoc generation per CVE-2013-1571, VU#225657
> ------------------------------------------------------
>
> Key: FLUME-2103
> URL: https://issues.apache.org/jira/browse/FLUME-2103
> Project: Flume
> Issue Type: Bug
> Components: Docs
> Affects Versions: v1.3.1
> Reporter: Ralph Goers
>
> Oracle has announced a Javadoc vulnerability (CVE-2013-1571 [1], VU#225657
> [2]) whereby Javadoc generated with Java 5, Java 6, or Java 7 < 7u25 is
> vulnerable to a frame injection attack. Oracle has provided a repair-in-place
> tool for Javadoc that cannot be easily regenerated, but is urging developers
> to regenerate whatever Javadoc they can using Java 7u25. For all practical
> purposes, the vulnerability really only applies to publicly-hosted Javadoc,
> so the Javadoc in our existing Maven artifacts really doesn't have to be
> worried about (not that we could do anything about it).
> [1]
> http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
> [2] http://www.kb.cert.org/vuls/id/225657
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
