ctakes-notifications mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CTAKES-212) [SECURITY] Frame injection vulnerability in published Javadoc
Date Mon, 08 Jul 2013 21:31:49 GMT

    [ https://issues.apache.org/jira/browse/CTAKES-212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13702461#comment-13702461 ]

ASF subversion and git services commented on CTAKES-212:
--------------------------------------------------------

Commit 1500971 from chenpei@apache.org
[ https://svn.apache.org/r1500971 ]

CTAKES-212 - Updated to use the latest Apache parent POM and Javadoc plugin that contains
the Javadoc security fix.
                
> [SECURITY] Frame injection vulnerability in published Javadoc
> -------------------------------------------------------------
>
>                 Key: CTAKES-212
>                 URL: https://issues.apache.org/jira/browse/CTAKES-212
>             Project: cTAKES
>          Issue Type: Bug
>            Reporter: Pei Chen
>             Fix For: 3.1
>
>
> > Hi All,
> > 
> > Oracle has announced [1], [2] a frame injection vulnerability in 
> > Javadoc generated by Java 5, Java 6 and Java 7 before update 22.
> > 
> > The infrastructure team has completed a scan of our current project 
> > websites and identified over 6000 instances of vulnerable Javadoc 
> > distributed across most TLPs. The chances are the project(s) you 
> > contribute to is(are) affected. A list of projects and the number of 
> > affected Javadoc instances per project is provided at the end of this 
> > e-mail.
> > 
> > Please take the necessary steps to fix any currently published Javadoc 
> > and to ensure that any future Javadoc published by your project does 
> > not contain the vulnerability. The announcement by Oracle includes a 
> > link to a tool that can be used to fix Javadoc without regeneration.
> > 
> > The infrastructure team is investigating options for preventing the 
> > publication of vulnerable Javadoc.
> > 
> > The issue is public and may be discussed freely on your project's dev list.
> > 
> > Thanks,
> > 
> > Mark (ASF Infra)
> > 
> > 
> > 
> > [1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
> > [2] http://www.kb.cert.org/vuls/id/225657
> > ctakes.apache.org       2

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
