ant-dev mailing list archives

From Jean-Louis Boudart <jeanlouis.boud...@gmail.com>
Subject Re: Cutting a Release because of the Javadoc Vulnerability?
Date Sat, 06 Jul 2013 10:48:32 GMT
+1


2013/7/6 Matt Benson <gudnabrsam@gmail.com>

> Sounds like a good idea. Thanks Stefan!
>
> Matt
> On Jul 5, 2013 9:36 AM, "Stefan Bodewig" <bodewig@apache.org> wrote:
>
> > Hi all,
> >
> > as you most probably know Oracle's javadoc tool prior to Java 7u25
> > creates javadocs with a frame injection vulnerability - see
> > CVE-2013-1571, VU#225657 for details.
> >
> > The javadoc task in trunk contains a patch based on code by Uwe
> > Schindler of the Lucene community that postprocesses javadoc's output,
> > identifies vulnerable pages and fixes them.
> >
> > This is similar to the patch applied to Maven's javadoc plugin which led
> > to their version 2.9.1.
> >
> > Do we want to cut an Ant release to help Ant users to get around the
> > vulnerability or is the macrodef I've added to the online manual enough
> > in our view?
> >
> > If enough people think we should cut a release then I guess I'm
> > volunteering to be the RM.
> >
> > Stefan
> >
>



-- 
Jean Louis Boudart
Independent consultant
Apache EasyAnt committer http://ant.apache.org/easyant/
