continuum-dev mailing list archives

From Brent Atkinson <brent.atkin...@gmail.com>
Subject Re: Patching javadocs
Date Sat, 22 Jun 2013 17:08:05 GMT
Hi Louis,

Frame injection sounds technical; it's basically that someone can hijack
someone's site that uses frames to present their own content and try a
social engineering attack that takes advantage of a user's trust of the
site's authenticity. Someone can essentially put their own content in your
HTML frameset and try to convince the user to do things.

Using enforcer would be to prevent people from publishing docs using Java
versions that produce vulnerable docs.

Brent


On Sat, Jun 22, 2013 at 12:06 PM, Louis Smith <dr.louis.smith@gmail.com> wrote:

> You're a braver man than I - I wouldn't attempt it... not even sure how
> enforcer could be used, or how to deal with the frame injection.  I need to
> go study up on that one...
>
> Good Luck!!
>
>
> On Sat, Jun 22, 2013 at 11:58 AM, Brent Atkinson <batkinson@apache.org> wrote:
>
> > Greetings,
> >
> > I have some time to patch the frame injection vulnerability in the project
> > javadocs. Since this is the first time publishing the docs, I'd like
> > someone to verify the process for me. From
> > http://continuum.apache.org/development/publishing-site.html it appears
> > that I:
> >
> >   * check out the source under http://svn.apache.org/repos/asf/continuum/site-publish
> >   * patch the docs
> >   * run "mvn site site:stage scm-publish:publish-scm"
> >
> > That should update the existing docs.
> >
> > How should we ensure new docs don't get published with the vulnerability?
> > Would that be something we'd do with enforcer and require versions?
> >
> > Brent
> >
>
>
>
> --
> Dr. Louis Smith, ThD
> Chief Technology Officer, Kyra InfoTech
> Museum Director, Veterans Memorial Railroad
>
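
One way the enforcer idea raised in this thread could look, as an added example that is not part of the original messages or the project's build: a maven-enforcer-plugin rule bound to the site lifecycle, so the `mvn site site:stage scm-publish:publish-scm` command quoted above fails on an older JDK. `FIXED_JDK_VERSION` is a placeholder because the thread does not name the fixed Java release, and the execution id is hypothetical.

```xml
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <!-- Pin the plugin version your build already uses. -->
      <executions>
        <execution>
          <!-- Hypothetical execution id, chosen for this example. -->
          <id>enforce-javadoc-jdk</id>
          <!-- The enforce goal binds to "validate" by default, but
               "mvn site" runs the site lifecycle and never reaches that
               phase. Binding to pre-site makes the check run before any
               javadoc report is generated for the staged site. -->
          <phase>pre-site</phase>
          <goals>
            <goal>enforce</goal>
          </goals>
          <configuration>
            <rules>
              <requireJavaVersion>
                <!-- Placeholder: replace FIXED_JDK_VERSION with the first
                     Java release whose javadoc tool emits patched frame
                     pages. "[x,)" is a Maven range meaning x or newer. -->
                <version>[FIXED_JDK_VERSION,)</version>
                <message>Site docs must be built with a JDK whose javadoc tool produces patched frame pages.</message>
              </requireJavaVersion>
            </rules>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

The rule checks the JDK that runs Maven, so a build that points the javadoc plugin at a different JDK (for example through `javadocExecutable` or toolchains) is not covered by it. It only gates new builds; docs already published under site-publish still need the patch step from the list above.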
