Hi all,

I will later svn checkout all Javadocs on the Lucene/Solr website and run the 
patch tool on them. I will not regenerate all web pages, just patch the 
javadocs.
It could be large commits, but I don't care.

Uwe

-----
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: [email protected]


> -----Original Message-----
> From: Mark Thomas [mailto:[email protected]]
> Sent: Thursday, June 20, 2013 10:29 AM
> To: [email protected]
> Cc: [email protected]
> Subject: [SECURITY] Frame injection vulnerability in published Javadoc
> 
> Hi All,
> 
> Oracle has announced [1], [2] a frame injection vulnerability in Javadoc
> generated by Java 5, Java 6 and Java 7 before update 22.
> 
> The infrastructure team has completed a scan of our current project
> websites and identified over 6000 instances of vulnerable Javadoc distributed
> across most TLPs. The chances are the project(s) you contribute to is(are)
> affected. A list of projects and the number of affected Javadoc instances per
> project is provided at the end of this e-mail.
> 
> Please take the necessary steps to fix any currently published Javadoc and to
> ensure that any future Javadoc published by your project does not contain
> the vulnerability. The announcement by Oracle includes a link to a tool that
> can be used to fix Javadoc without regeneration.
> 
> The infrastructure team is investigating options for preventing the
> publication of vulnerable Javadoc.
> 
> The issue is public and may be discussed freely on your project's dev list.
> 
> Thanks,
> 
> Mark (ASF Infra)
> 
> 
> 
> [1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
> [2] http://www.kb.cert.org/vuls/id/225657
> 
> Project                 Instances
> abdera.apache.org       1
> accumulo.apache.org     2
> activemq.apache.org     105
> any23.apache.org        13
> archiva.apache.org      4
> archive.apache.org      13
> aries.apache.org        7
> avro.apache.org         23
> axis.apache.org         5
> beehive.apache.org      16
> bval.apache.org         12
> camel.apache.org        786
> cayenne.apache.org      4
> chemistry.apache.org    6
> click.apache.org        3
> cocoon.apache.org       6
> commons.apache.org      34
> continuum.apache.org    9
> creadur.apache.org      19
> crunch.apache.org       4
> ctakes.apache.org       2
> curator.apache.org      4
> cxf.apache.org          6
> db.apache.org           39
> directory.apache.org    4
> empire-db.apache.org    1
> felix.apache.org        5
> flume.apache.org        5
> geronimo.apache.org     241
> giraph.apache.org       6
> gora.apache.org         3
> hadoop.apache.org       21
> hbase.apache.org        2
> hive.apache.org         4
> hivemind.apache.org     10
> incubator.apache.org    355
> jackrabbit.apache.org   9
> jakarta.apache.org      39
> james.apache.org        53
> jena.apache.org         5
> juddi.apache.org        3
> lenya.apache.org        46
> logging.apache.org      111
> lucene.apache.org       713
> manifoldcf.apache.org   112
> marmotta.apache.org     1
> maven.apache.org        1623
> maventest.apache.org    1178
> mina.apache.org         2
> mrunit.apache.org       3
> myfaces.apache.org      348
> nutch.apache.org        8
> oltu.apache.org         11
> oodt.apache.org         1
> ooo-site.apache.org     1
> oozie.apache.org        10
> openjpa.apache.org      20
> opennlp.apache.org      9
> pdfbox.apache.org       1
> pig.apache.org          7
> pivot.apache.org        1
> poi.apache.org          1
> portals.apache.org      35
> river.apache.org        2
> santuario.apache.org    1
> shale.apache.org        55
> shiro.apache.org        3
> sling.apache.org        2
> sqoop.apache.org        4
> struts.apache.org       190
> subversion.apache.org   3
> synapse.apache.org      1
> syncope.apache.org      2
> tapestry.apache.org     6
> tika.apache.org         9
> tiles.apache.org        12
> turbine.apache.org      100
> tuscany.apache.org      4
> uima.apache.org         12
> velocity.apache.org     41
> whirr.apache.org        2
> wicket.apache.org       3
> wink.apache.org         13
> ws.apache.org           22
> xalan.apache.org        1
> xerces.apache.org       5
> xml.apache.org          1
> xmlbeans.apache.org     3
> zookeeper.apache.org    18


