continuum-dev mailing list archives

From Olivier Lamy <ol...@apache.org>
Subject Re: Patching javadocs
Date Thu, 27 Jun 2013 05:05:18 GMT
I did it already :-)
See http://svn.apache.org/viewvc?view=revision&revision=1494942
I checked out the site tree and applied the tool provided by Oracle.

2013/6/23 Brent Atkinson <brent.atkinson@gmail.com>:
> Hi Louis,
>
> Frame injection sounds technical; it's basically that someone can hijack
> someone's site that uses frames to present their own content and try a
> social engineering attack that takes advantage of a user's trust of the
> site's authenticity. Someone can essentially put their own content in your
> HTML frameset and try to convince the user to do things.
>
> Using enforcer would be to prevent people from publishing docs using Java
> versions that produce vulnerable docs.
>
> Brent
>
>
> On Sat, Jun 22, 2013 at 12:06 PM, Louis Smith <dr.louis.smith@gmail.com> wrote:
>
>> You're a braver man than I - I wouldn't attempt it... not even sure how
>> enforcer could be used, or how to deal with the frame injection.  I need to
>> go study up on that one...
>>
>> Good Luck!!
>>
>>
>> On Sat, Jun 22, 2013 at 11:58 AM, Brent Atkinson <batkinson@apache.org> wrote:
>>
>> > Greetings,
>> >
>> > I have some time to patch the frame injection vulnerability in the project
>> > javadocs. Since this is the first time publishing the docs, I'd like
>> > someone to verify the process for me. From
>> > http://continuum.apache.org/development/publishing-site.html it appears
>> > that I:
>> >
>> >   * check out the source under
>> > http://svn.apache.org/repos/asf/continuum/site-publish
>> >   * patch the docs
>> >   * run "mvn site site:stage scm-publish:publish-scm"
>> >
>> > That should update the existing docs.
>> >
>> > How should we ensure new docs don't get published with the vulnerability?
>> > Would that be something we'd do with enforcer and require versions?
>> >
>> > Brent
>> >
>>
>>
>>
>> --
>> Dr. Louis Smith, ThD
>> Chief Technology Officer, Kyra InfoTech
>> Museum Director, Veterans Memorial Railroad
>>



-- 
Olivier Lamy
Ecetera: http://ecetera.com.au
http://twitter.com/olamy | http://linkedin.com/in/olamy
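
A pre-publish check for the question raised in the thread (keeping unpatched docs out of the published site), added here as an example; it is not code from the thread, the Continuum project or Oracle's tool. It scans a checked-out site tree for frame pages that load a frame from the query string with no validation guard; the marker strings (`window.location.search`, a frame `location` assigned from `targetPage`, a `validURL` function) and the sample pages are assumptions constructed for illustration.

```python
"""Flag generated frame pages that load a frame from the query string unchecked."""
import re
import tempfile
from pathlib import Path

# Assumed markers (not taken from the thread): the frame page copies the query
# string into a frame location; a patched page defines a validURL() guard.
READS_QUERY = re.compile(r"window\.location\.search")
SETS_FRAME = re.compile(r"\.location\s*=\s*(top\.)?targetPage")
HAS_GUARD = re.compile(r"function\s+validURL\s*\(")

def is_unpatched(html: str) -> bool:
    """True when the page redirects a frame from the query string with no guard."""
    return bool(READS_QUERY.search(html) and SETS_FRAME.search(html)
                and not HAS_GUARD.search(html))

def scan_site(root) -> list:
    """Return relative paths of unpatched frame pages under a site tree."""
    root = Path(root)
    return [p.relative_to(root).as_posix() for p in sorted(root.rglob("*.htm*"))
            if p.is_file()
            and is_unpatched(p.read_text(encoding="utf-8", errors="replace"))]

# Constructed sample pages, reduced to the script that matters for the check.
UNPATCHED = """<html><head><script type="text/javascript">
    targetPage = "" + window.location.search;
    if (targetPage != "" && targetPage != "undefined")
        targetPage = targetPage.substring(1);
    function loadFrames() {
        if (targetPage != "" && targetPage != "undefined")
            top.classFrame.location = top.targetPage;
    }
</script></head><frameset onload="top.loadFrames()"></frameset></html>"""
PATCHED = UNPATCHED.replace(  # constructed stand-in for a patched page
    "function loadFrames", "function validURL(url) { return false; }\n    function loadFrames")

def demo() -> list:
    """Scan a constructed tree holding one unpatched, one patched, one plain page."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in [("unpatched/index.html", UNPATCHED),
                          ("patched/index.html", PATCHED),
                          ("index.html", "<html><body>site home</body></html>")]:
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return scan_site(tmp)

if __name__ == "__main__":
    import sys
    hits = scan_site(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print("\n".join(hits) or "no unpatched frame pages found")
```

The check is a string heuristic: a page that defines the guard but never calls it would pass, so a clean result is a prompt to spot-check, not proof.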
