Posted to issues@opennlp.apache.org by "Aliaksandr Autayeu (JIRA)" <ji...@apache.org> on 2013/06/22 15:12:22 UTC
[jira] [Updated] (OPENNLP-583) JavaDoc Security Vulnerabilities
[ https://issues.apache.org/jira/browse/OPENNLP-583?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aliaksandr Autayeu updated OPENNLP-583:
---------------------------------------
Summary: JavaDoc Security Vulnerabilities (was: JavaDoc Security Vulnorabilities)
> JavaDoc Security Vulnerabilities
> --------------------------------
>
> Key: OPENNLP-583
> URL: https://issues.apache.org/jira/browse/OPENNLP-583
> Project: OpenNLP
> Issue Type: Bug
> Components: Documentation, Website
> Affects Versions: tools-1.5.3, maxent-3.0.3
> Environment: All
> Reporter: James Kosin
> Labels: security
>
> Hi All,
> Oracle has announced [1], [2] a frame injection vulnerability in Javadoc
> generated by Java 5, Java 6 and Java 7 before update 22.
> The infrastructure team has completed a scan of our current project
> websites and identified over 6000 instances of vulnerable Javadoc
> distributed across most TLPs. The chances are the project(s) you
> contribute to is(are) affected. A list of projects and the number of
> affected Javadoc instances per project is provided at the end of this
> e-mail.
> Please take the necessary steps to fix any currently published Javadoc
> and to ensure that any future Javadoc published by your project does not
> contain the vulnerability. The announcement by Oracle includes a link to
> a tool that can be used to fix Javadoc without regeneration.
> The infrastructure team is investigating options for preventing the
> publication of vulnerable Javadoc.
> The issue is public and may be discussed freely on your project's dev list.
> Thanks,
> Mark (ASF Infra)
> [1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
> [2] http://www.kb.cert.org/vuls/id/225657
> Project Instances
> abdera.apache.org 1
> accumulo.apache.org 2
> activemq.apache.org 105
> any23.apache.org 13
> archiva.apache.org 4
> archive.apache.org 13
> aries.apache.org 7
> avro.apache.org 23
> axis.apache.org 5
> beehive.apache.org 16
> bval.apache.org 12
> camel.apache.org 786
> cayenne.apache.org 4
> chemistry.apache.org 6
> click.apache.org 3
> cocoon.apache.org 6
> commons.apache.org 34
> continuum.apache.org 9
> creadur.apache.org 19
> crunch.apache.org 4
> ctakes.apache.org 2
> curator.apache.org 4
> cxf.apache.org 6
> db.apache.org 39
> directory.apache.org 4
> empire-db.apache.org 1
> felix.apache.org 5
> flume.apache.org 5
> geronimo.apache.org 241
> giraph.apache.org 6
> gora.apache.org 3
> hadoop.apache.org 21
> hbase.apache.org 2
> hive.apache.org 4
> hivemind.apache.org 10
> incubator.apache.org 355
> jackrabbit.apache.org 9
> jakarta.apache.org 39
> james.apache.org 53
> jena.apache.org 5
> juddi.apache.org 3
> lenya.apache.org 46
> logging.apache.org 111
> lucene.apache.org 713
> manifoldcf.apache.org 112
> marmotta.apache.org 1
> maven.apache.org 1623
> maventest.apache.org 1178
> mina.apache.org 2
> mrunit.apache.org 3
> myfaces.apache.org 348
> nutch.apache.org 8
> oltu.apache.org 11
> oodt.apache.org 1
> ooo-site.apache.org 1
> oozie.apache.org 10
> openjpa.apache.org 20
> ==> opennlp.apache.org 9 <==
> pdfbox.apache.org 1
> pig.apache.org 7
> pivot.apache.org 1
> poi.apache.org 1
> portals.apache.org 35
> river.apache.org 2
> santuario.apache.org 1
> shale.apache.org 55
> shiro.apache.org 3
> sling.apache.org 2
> sqoop.apache.org 4
> struts.apache.org 190
> subversion.apache.org 3
> synapse.apache.org 1
> syncope.apache.org 2
> tapestry.apache.org 6
> tika.apache.org 9
> tiles.apache.org 12
> turbine.apache.org 100
> tuscany.apache.org 4
> uima.apache.org 12
> velocity.apache.org 41
> whirr.apache.org 2
> wicket.apache.org 3
> wink.apache.org 13
> ws.apache.org 22
> xalan.apache.org 1
> xerces.apache.org 5
> xml.apache.org 1
> xmlbeans.apache.org 3
> zookeeper.apache.org 18
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira