Date: Thu, 20 Jun 2013 14:40:14 -0400
From: Pei Chen
To: dev@ctakes.apache.org
Subject: Fwd: [SECURITY] Frame injection vulnerability in published Javadoc
In-Reply-To: <51C2BD63.7000901@apache.org>

FYI

We should probably update our javadocs for the next release...

---------- Forwarded message ----------
From: Mark Thomas
Date: Thu, Jun 20, 2013 at 4:29 AM
Subject: [SECURITY] Frame injection vulnerability in published Javadoc
To: committers@apache.org
Cc: root@apache.org

Hi All,

Oracle has announced [1], [2] a frame injection vulnerability in Javadoc
generated by Java 5, Java 6 and Java 7 before update 22.

The infrastructure team has completed a scan of our current project
websites and identified over 6000 instances of vulnerable Javadoc
distributed across most TLPs. The chances are the project(s) you
contribute to is(are) affected. A list of projects and the number of
affected Javadoc instances per project is provided at the end of this
e-mail.

Please take the necessary steps to fix any currently published Javadoc
and to ensure that any future Javadoc published by your project does not
contain the vulnerability. The announcement by Oracle includes a link to
a tool that can be used to fix Javadoc without regeneration.

The infrastructure team is investigating options for preventing the
publication of vulnerable Javadoc.

The issue is public and may be discussed freely on your project's dev
list.

Thanks,

Mark
(ASF Infra)

[1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
[2] http://www.kb.cert.org/vuls/id/225657

Project                 Instances
abdera.apache.org       1
accumulo.apache.org     2
activemq.apache.org     105
any23.apache.org        13
archiva.apache.org      4
archive.apache.org      13
aries.apache.org        7
avro.apache.org         23
axis.apache.org         5
beehive.apache.org      16
bval.apache.org         12
camel.apache.org        786
cayenne.apache.org      4
chemistry.apache.org    6
click.apache.org        3
cocoon.apache.org       6
commons.apache.org      34
continuum.apache.org    9
creadur.apache.org      19
crunch.apache.org       4
ctakes.apache.org       2
curator.apache.org      4
cxf.apache.org          6
db.apache.org           39
directory.apache.org    4
empire-db.apache.org    1
felix.apache.org        5
flume.apache.org        5
geronimo.apache.org     241
giraph.apache.org       6
gora.apache.org         3
hadoop.apache.org       21
hbase.apache.org        2
hive.apache.org         4
hivemind.apache.org     10
incubator.apache.org    355
jackrabbit.apache.org   9
jakarta.apache.org      39
james.apache.org        53
jena.apache.org         5
juddi.apache.org        3
lenya.apache.org        46
logging.apache.org      111
lucene.apache.org       713
manifoldcf.apache.org   112
marmotta.apache.org     1
maven.apache.org        1623
maventest.apache.org    1178
mina.apache.org         2
mrunit.apache.org       3
myfaces.apache.org      348
nutch.apache.org        8
oltu.apache.org         11
oodt.apache.org         1
ooo-site.apache.org     1
oozie.apache.org        10
openjpa.apache.org      20
opennlp.apache.org      9
pdfbox.apache.org       1
pig.apache.org          7
pivot.apache.org        1
poi.apache.org          1
portals.apache.org      35
river.apache.org        2
santuario.apache.org    1
shale.apache.org        55
shiro.apache.org        3
sling.apache.org        2
sqoop.apache.org        4
struts.apache.org       190
subversion.apache.org   3
synapse.apache.org      1
syncope.apache.org      2
tapestry.apache.org     6
tika.apache.org         9
tiles.apache.org        12
turbine.apache.org      100
tuscany.apache.org      4
uima.apache.org         12
velocity.apache.org     41
whirr.apache.org        2
wicket.apache.org       3
wink.apache.org         13
ws.apache.org           22
xalan.apache.org        1
xerces.apache.org       5
xml.apache.org          1
xmlbeans.apache.org     3
zookeeper.apache.org    18