ctakes-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pei Chen (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CTAKES-212) [SECURITY] Frame injection vulnerability in published Javadoc
Date Fri, 21 Jun 2013 18:00:24 GMT
Pei Chen created CTAKES-212:

             Summary: [SECURITY] Frame injection vulnerability in published Javadoc
                 Key: CTAKES-212
                 URL: https://issues.apache.org/jira/browse/CTAKES-212
             Project: cTAKES
          Issue Type: Bug
            Reporter: Pei Chen

> Hi All,
> Oracle has announced [1], [2] a frame injection vulnerability in 
> Javadoc generated by Java 5, Java 6 and Java 7 before update 22.
> The infrastructure team has completed a scan of our current project 
> websites and identified over 6000 instances of vulnerable Javadoc 
> distributed across most TLPs. The chances are the project(s) you 
> contribute to is(are) affected. A list of projects and the number of 
> affected Javadoc instances per project is provided at the end of this 
> e-mail.
> Please take the necessary steps to fix any currently published Javadoc 
> and to ensure that any future Javadoc published by your project does 
> not contain the vulnerability. The announcement by Oracle includes a 
> link to a tool that can be used to fix Javadoc without regeneration.
> The infrastructure team is investigating options for preventing the 
> publication of vulnerable Javadoc.
> The issue is public and may be discussed freely on your project's dev list.
> Thanks,
> Mark (ASF Infra)
> [1]
> http://www.oracle.com/technetwork/topics/security/javacpujun2013-18998
> 47.html [2] http://www.kb.cert.org/vuls/id/225657

> ctakes.apache.org       2

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message