Sergio Fernández created MARMOTTA-263:
-----------------------------------------

Summary: Fix frame injection bug in javadocs generated with Java 6 (and Java 7 prior u25)
Key: MARMOTTA-263
URL: https://issues.apache.org/jira/browse/MARMOTTA-263
Project: Marmotta
Issue Type: Bug
Components: Website
Reporter: Sergio Fernández
Assignee: Sergio Fernández
Priority: Critical

The Apache Infra / Security team posted to all committers:

> Hi All,
>
> Oracle has announced [1], [2] a frame injection vulnerability in Javadoc generated by Java 5, Java 6 and Java 7 before update 22.
>
> [...]
>
> Please take the necessary steps to fix any currently published Javadoc and to ensure that any future Javadoc published by your project does not contain the vulnerability.
>
> The announcement by Oracle includes a link to a tool that can be used to fix Javadoc without regeneration.
>
> The infrastructure team is investigating options for preventing the publication of vulnerable Javadoc.
>
> The issue is public and may be discussed freely on your project's dev list.
>
> Thanks,
> Mark (ASF Infra)

For the moment, due to a bug with multiple reports (see http://jira.codehaus.org/browse/MSHARED-271 for further details), our site is only affected by one instance.

The buildbot+maven environment still uses Java 6, so all the workaround in the maven plugin (https://jira.codehaus.org/browse/MJAVADOC-370) wouldn't be enough...