You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@opennlp.apache.org by "James Kosin (JIRA)" <ji...@apache.org> on 2013/06/22 01:39:20 UTC
[jira] [Created] (OPENNLP-583) JavaDoc Security Vulnorabilities
James Kosin created OPENNLP-583:
-----------------------------------
Summary: JavaDoc Security Vulnorabilities
Key: OPENNLP-583
URL: https://issues.apache.org/jira/browse/OPENNLP-583
Project: OpenNLP
Issue Type: Bug
Components: Documentation, Website
Affects Versions: maxent-3.0.3, tools-1.5.3
Environment: All
Reporter: James Kosin
Hi All,
Oracle has announced [1], [2] a frame injection vulnerability in Javadoc
generated by Java 5, Java 6 and Java 7 before update 22.
The infrastructure team has completed a scan of our current project
websites and identified over 6000 instances of vulnerable Javadoc
distributed across most TLPs. The chances are the project(s) you
contribute to is(are) affected. A list of projects and the number of
affected Javadoc instances per project is provided at the end of this
e-mail.
Please take the necessary steps to fix any currently published Javadoc
and to ensure that any future Javadoc published by your project does not
contain the vulnerability. The announcement by Oracle includes a link to
a tool that can be used to fix Javadoc without regeneration.
The infrastructure team is investigating options for preventing the
publication of vulnerable Javadoc.
The issue is public and may be discussed freely on your project's dev list.
Thanks,
Mark (ASF Infra)
[1]
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
[2] http://www.kb.cert.org/vuls/id/225657
Project Instances
abdera.apache.org 1
accumulo.apache.org 2
activemq.apache.org 105
any23.apache.org 13
archiva.apache.org 4
archive.apache.org 13
aries.apache.org 7
avro.apache.org 23
axis.apache.org 5
beehive.apache.org 16
bval.apache.org 12
camel.apache.org 786
cayenne.apache.org 4
chemistry.apache.org 6
click.apache.org 3
cocoon.apache.org 6
commons.apache.org 34
continuum.apache.org 9
creadur.apache.org 19
crunch.apache.org 4
ctakes.apache.org 2
curator.apache.org 4
cxf.apache.org 6
db.apache.org 39
directory.apache.org 4
empire-db.apache.org 1
felix.apache.org 5
flume.apache.org 5
geronimo.apache.org 241
giraph.apache.org 6
gora.apache.org 3
hadoop.apache.org 21
hbase.apache.org 2
hive.apache.org 4
hivemind.apache.org 10
incubator.apache.org 355
jackrabbit.apache.org 9
jakarta.apache.org 39
james.apache.org 53
jena.apache.org 5
juddi.apache.org 3
lenya.apache.org 46
logging.apache.org 111
lucene.apache.org 713
manifoldcf.apache.org 112
marmotta.apache.org 1
maven.apache.org 1623
maventest.apache.org 1178
mina.apache.org 2
mrunit.apache.org 3
myfaces.apache.org 348
nutch.apache.org 8
oltu.apache.org 11
oodt.apache.org 1
ooo-site.apache.org 1
oozie.apache.org 10
openjpa.apache.org 20
==> opennlp.apache.org 9 <==
pdfbox.apache.org 1
pig.apache.org 7
pivot.apache.org 1
poi.apache.org 1
portals.apache.org 35
river.apache.org 2
santuario.apache.org 1
shale.apache.org 55
shiro.apache.org 3
sling.apache.org 2
sqoop.apache.org 4
struts.apache.org 190
subversion.apache.org 3
synapse.apache.org 1
syncope.apache.org 2
tapestry.apache.org 6
tika.apache.org 9
tiles.apache.org 12
turbine.apache.org 100
tuscany.apache.org 4
uima.apache.org 12
velocity.apache.org 41
whirr.apache.org 2
wicket.apache.org 3
wink.apache.org 13
ws.apache.org 22
xalan.apache.org 1
xerces.apache.org 5
xml.apache.org 1
xmlbeans.apache.org 3
zookeeper.apache.org 18
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira