db-derby-user mailing list archives

From Rick Hillegas <rick.hille...@oracle.com>
Subject Re: Vulnerability in API documentation (javadoc) bundled with Apache Derby
Date Fri, 21 Jun 2013 19:38:59 GMT
Hi Mike,

The 10.0 and 10.1 javadoc were ok according to a comment by Knut on 
https://issues.apache.org/jira/browse/DERBY-6270

Thanks,
-Rick

On 6/21/13 11:31 AM, mike matrigali wrote:
> Do you happen to know if 10.1 is affected or not?
>
> On 6/21/2013 5:07 AM, Knut Anders Hatlen wrote:
>> Hi all,
>>
>> Some of you may already have noticed that Oracle's latest security
>> update release of Java SE included a fix for a vulnerability in the
>> javadoc tool (CVE-2013-1571). The javadocs included in all versions of
>> Derby from 10.2.1.6 up to 10.10.1.1 were built with versions of the
>> javadoc tool that had this vulnerability.
>>
>> If you publish javadocs from Derby (or from any other project for that
>> matter) on a public-facing web server, we strongly recommend that you
>> read Oracle's security advisory -
>> http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html 
>>
>> - and follow the steps to remove the vulnerability from the javadoc
>> output.
>>
>>
>> Thanks,
>>
>
>

