ant-dev mailing list archives

From: Matt Benson <gudnabr...@gmail.com>
Subject: Re: Cutting a Release because of the Javadoc Vulnerability?
Date: Sat, 06 Jul 2013 03:03:11 GMT

Sounds like a good idea. Thanks Stefan!

Matt
On Jul 5, 2013 9:36 AM, "Stefan Bodewig" <bodewig@apache.org> wrote:

> Hi all,
>
> as you most probably know Oracle's javadoc tool prior to Java 7u25
> creates javadocs with a frame injection vulnerability - see
> CVE-2013-1571, VU#225657 for details.
>
> The javadoc task in trunk contains a patch based on code by Uwe
> Schindler of the Lucene community that postprocesses javadoc's output,
> identifies vulnerable pages and fixes them.
>
> This is similar to the patch applied to Maven's javadoc plugin which led
> to their version 2.9.1.
>
> Do we want to cut an Ant release to help Ant users to get around the
> vulnerability or is the macrodef I've added to the online manual enough
> in our view?
>
> If enough people think we should cut a release then I guess I'm
> volunteering to be the RM.
>
> Stefan
