Hi Olivier, I noticed you fixed that in Maven, could you help us on Onami for that? Many thanks in advance!
-Simo
http://people.apache.org/~simonetripodi/
http://twitter.com/simonetripodi

---------- Forwarded message ----------
From: Mark Thomas <ma...@apache.org>
Date: Thu, Jun 20, 2013 at 10:29 AM
Subject: [SECURITY] Frame injection vulnerability in published Javadoc
To: committ...@apache.org
Cc: r...@apache.org

Hi All,

Oracle has announced [1], [2] a frame injection vulnerability in Javadoc generated by Java 5, Java 6 and Java 7 before update 22.

The infrastructure team has completed a scan of our current project websites and identified over 6000 instances of vulnerable Javadoc distributed across most TLPs. The chances are the project(s) you contribute to is(are) affected. A list of projects and the number of affected Javadoc instances per project is provided at the end of this e-mail.

Please take the necessary steps to fix any currently published Javadoc and to ensure that any future Javadoc published by your project does not contain the vulnerability. The announcement by Oracle includes a link to a tool that can be used to fix Javadoc without regeneration.

The infrastructure team is investigating options for preventing the publication of vulnerable Javadoc.

The issue is public and may be discussed freely on your project's dev list.

Thanks,

Mark
(ASF Infra)

[1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
[2] http://www.kb.cert.org/vuls/id/225657

Project                 Instances
abdera.apache.org       1
accumulo.apache.org     2
activemq.apache.org     105
any23.apache.org        13
archiva.apache.org      4
archive.apache.org      13
aries.apache.org        7
avro.apache.org         23
axis.apache.org         5
beehive.apache.org      16
bval.apache.org         12
camel.apache.org        786
cayenne.apache.org      4
chemistry.apache.org    6
click.apache.org        3
cocoon.apache.org       6
commons.apache.org      34
continuum.apache.org    9
creadur.apache.org      19
crunch.apache.org       4
ctakes.apache.org       2
curator.apache.org      4
cxf.apache.org          6
db.apache.org           39
directory.apache.org    4
empire-db.apache.org    1
felix.apache.org        5
flume.apache.org        5
geronimo.apache.org     241
giraph.apache.org       6
gora.apache.org         3
hadoop.apache.org       21
hbase.apache.org        2
hive.apache.org         4
hivemind.apache.org     10
incubator.apache.org    355
jackrabbit.apache.org   9
jakarta.apache.org      39
james.apache.org        53
jena.apache.org         5
juddi.apache.org        3
lenya.apache.org        46
logging.apache.org      111
lucene.apache.org       713
manifoldcf.apache.org   112
marmotta.apache.org     1
maven.apache.org        1623
maventest.apache.org    1178
mina.apache.org         2
mrunit.apache.org       3
myfaces.apache.org      348
nutch.apache.org        8
oltu.apache.org         11
oodt.apache.org         1
ooo-site.apache.org     1
oozie.apache.org        10
openjpa.apache.org      20
opennlp.apache.org      9
pdfbox.apache.org       1
pig.apache.org          7
pivot.apache.org        1
poi.apache.org          1
portals.apache.org      35
river.apache.org        2
santuario.apache.org    1
shale.apache.org        55
shiro.apache.org        3
sling.apache.org        2
sqoop.apache.org        4
struts.apache.org       190
subversion.apache.org   3
synapse.apache.org      1
syncope.apache.org      2
tapestry.apache.org     6
tika.apache.org         9
tiles.apache.org        12
turbine.apache.org      100
tuscany.apache.org      4
uima.apache.org         12
velocity.apache.org     41
whirr.apache.org        2
wicket.apache.org       3
wink.apache.org         13
ws.apache.org           22
xalan.apache.org        1
xerces.apache.org       5
xml.apache.org          1
xmlbeans.apache.org     3
zookeeper.apache.org    18