db-derby-user mailing list archives

From Knut Anders Hatlen <knut.hat...@oracle.com>
Subject Vulnerability in API documentation (javadoc) bundled with Apache Derby
Date Fri, 21 Jun 2013 12:07:13 GMT

Hi all,

Some of you may already have noticed that Oracle's latest security
update release of Java SE included a fix for a vulnerability in the
javadoc tool (CVE-2013-1571). The javadocs included in all versions of
Derby from 10.2.1.6 up to 10.10.1.1 were built with versions of the
javadoc tool that had this vulnerability.

If you publish javadocs from Derby (or from any other project for that
matter) on a public-facing web server, we strongly recommend that you
read Oracle's security advisory -
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
- and follow the steps to remove the vulnerability from the javadoc
output.


Thanks,

-- 
Knut Anders
