GREAT news, thanks a lot! :) http://people.apache.org/~simonetripodi/ http://twitter.com/simonetripodi
On Thu, Jun 20, 2013 at 12:00 PM, Olivier Lamy <ol...@apache.org> wrote: > we use doclava so no problem. > BTW I checked with the Oracle tool to be safe. > So no worries! > > 2013/6/20 Simone Tripodi <simonetrip...@apache.org>: >> Hi Olivier, >> >> I noticed you fixed that in Maven, could you help us on Onami for >> that? Many thanks in advance! >> >> -Simo >> >> http://people.apache.org/~simonetripodi/ >> http://twitter.com/simonetripodi >> >> >> >> ---------- Forwarded message ---------- >> From: Mark Thomas <ma...@apache.org> >> Date: Thu, Jun 20, 2013 at 10:29 AM >> Subject: [SECURITY] Frame injection vulnerability in published Javadoc >> To: committ...@apache.org >> Cc: r...@apache.org >> >> >> Hi All, >> >> Oracle has announced [1], [2] a frame injection vulnerability in Javadoc >> generated by Java 5, Java 6 and Java 7 before update 22. >> >> The infrastructure team has completed a scan of our current project >> websites and identified over 6000 instances of vulnerable Javadoc >> distributed across most TLPs. The chances are the project(s) you >> contribute to is(are) affected. A list of projects and the number of >> affected Javadoc instances per project is provided at the end of this >> e-mail. >> >> Please take the necessary steps to fix any currently published Javadoc >> and to ensure that any future Javadoc published by your project does not >> contain the vulnerability. The announcement by Oracle includes a link to >> a tool that can be used to fix Javadoc without regeneration. >> >> The infrastructure team is investigating options for preventing the >> publication of vulnerable Javadoc. >> >> The issue is public and may be discussed freely on your project's dev list. >> >> Thanks, >> >> Mark (ASF Infra) >> >> >> >> [1] >> http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html >> [2] http://www.kb.cert.org/vuls/id/225657 >> >> Project Instances >> abdera.apache.org 1 >> accumulo.apache.org 2 >> activemq.apache.org 105 >> any23.apache.org 13 >> archiva.apache.org 4 >> archive.apache.org 13 >> aries.apache.org 7 >> avro.apache.org 23 >> axis.apache.org 5 >> beehive.apache.org 16 >> bval.apache.org 12 >> camel.apache.org 786 >> cayenne.apache.org 4 >> chemistry.apache.org 6 >> click.apache.org 3 >> cocoon.apache.org 6 >> commons.apache.org 34 >> continuum.apache.org 9 >> creadur.apache.org 19 >> crunch.apache.org 4 >> ctakes.apache.org 2 >> curator.apache.org 4 >> cxf.apache.org 6 >> db.apache.org 39 >> directory.apache.org 4 >> empire-db.apache.org 1 >> felix.apache.org 5 >> flume.apache.org 5 >> geronimo.apache.org 241 >> giraph.apache.org 6 >> gora.apache.org 3 >> hadoop.apache.org 21 >> hbase.apache.org 2 >> hive.apache.org 4 >> hivemind.apache.org 10 >> incubator.apache.org 355 >> jackrabbit.apache.org 9 >> jakarta.apache.org 39 >> james.apache.org 53 >> jena.apache.org 5 >> juddi.apache.org 3 >> lenya.apache.org 46 >> logging.apache.org 111 >> lucene.apache.org 713 >> manifoldcf.apache.org 112 >> marmotta.apache.org 1 >> maven.apache.org 1623 >> maventest.apache.org 1178 >> mina.apache.org 2 >> mrunit.apache.org 3 >> myfaces.apache.org 348 >> nutch.apache.org 8 >> oltu.apache.org 11 >> oodt.apache.org 1 >> ooo-site.apache.org 1 >> oozie.apache.org 10 >> openjpa.apache.org 20 >> opennlp.apache.org 9 >> pdfbox.apache.org 1 >> pig.apache.org 7 >> pivot.apache.org 1 >> poi.apache.org 1 >> portals.apache.org 35 >> river.apache.org 2 >> santuario.apache.org 1 >> shale.apache.org 55 >> shiro.apache.org 3 >> sling.apache.org 2 >> sqoop.apache.org 4 >> struts.apache.org 190 >> subversion.apache.org 3 >> synapse.apache.org 1 >> syncope.apache.org 2 >> tapestry.apache.org 6 >> tika.apache.org 9 >> tiles.apache.org 12 >> turbine.apache.org 100 >> tuscany.apache.org 4 >> uima.apache.org 12 >> velocity.apache.org 41 >> whirr.apache.org 2 >> wicket.apache.org 3 >> wink.apache.org 13 >> ws.apache.org 22 >> xalan.apache.org 1 >> xerces.apache.org 5 >> xml.apache.org 1 >> xmlbeans.apache.org 3 >> zookeeper.apache.org 18 > > > > -- > Olivier Lamy > Ecetera: http://ecetera.com.au > http://twitter.com/olamy | http://linkedin.com/in/olamy
