db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mike matrigali <mikema...@gmail.com>
Subject Re: Vulnerability in API documentation (javadoc) bundled with Apache Derby
Date Fri, 21 Jun 2013 18:31:04 GMT
Do you happen to know if 10.1 is affected or not?

On 6/21/2013 5:07 AM, Knut Anders Hatlen wrote:
> Hi all,
>
> Some of you may already have noticed that Oracle's latest security
> update release of Java SE included a fix for a vulnerability in the
> javadoc tool (CVE-2013-1571). The javadocs included in all versions of
> Derby from 10.2.1.6 up to 10.10.1.1 were built with versions of the
> javadoc tool that had this vulnerability.
>
> If you publish javadocs from Derby (or from any other project for that
> matter) on a public-facing web server, we strongly recommend that you
> read Oracle's security advisory -
> http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
> - and follow the steps to remove the vulnerability from the javadoc
> output.
>
>
> Thanks,
>


Mime
View raw message