You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@opennlp.apache.org by "Aliaksandr Autayeu (JIRA)" <ji...@apache.org> on 2013/06/22 15:12:22 UTC

[jira] [Updated] (OPENNLP-583) JavaDoc Security Vulnerabilities

     [ https://issues.apache.org/jira/browse/OPENNLP-583?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aliaksandr Autayeu updated OPENNLP-583:
---------------------------------------

    Summary: JavaDoc Security Vulnerabilities  (was: JavaDoc Security Vulnorabilities)
    
> JavaDoc Security Vulnerabilities
> --------------------------------
>
>                 Key: OPENNLP-583
>                 URL: https://issues.apache.org/jira/browse/OPENNLP-583
>             Project: OpenNLP
>          Issue Type: Bug
>          Components: Documentation, Website
>    Affects Versions: tools-1.5.3, maxent-3.0.3
>         Environment: All
>            Reporter: James Kosin
>              Labels: security
>
> Hi All,
> Oracle has announced [1], [2] a frame injection vulnerability in Javadoc
> generated by Java 5, Java 6 and Java 7 before update 22.
> The infrastructure team has completed a scan of our current project
> websites and identified over 6000 instances of vulnerable Javadoc
> distributed across most TLPs. The chances are the project(s) you
> contribute to is(are) affected. A list of projects and the number of
> affected Javadoc instances per project is provided at the end of this
> e-mail.
> Please take the necessary steps to fix any currently published Javadoc
> and to ensure that any future Javadoc published by your project does not
> contain the vulnerability. The announcement by Oracle includes a link to
> a tool that can be used to fix Javadoc without regeneration.
> The infrastructure team is investigating options for preventing the
> publication of vulnerable Javadoc.
> The issue is public and may be discussed freely on your project's dev list.
> Thanks,
> Mark (ASF Infra)
> [1]
> http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
> [2] http://www.kb.cert.org/vuls/id/225657
> Project			Instances
> abdera.apache.org	1
> accumulo.apache.org	2
> activemq.apache.org	105
> any23.apache.org	13
> archiva.apache.org	4
> archive.apache.org	13
> aries.apache.org	7
> avro.apache.org		23
> axis.apache.org		5
> beehive.apache.org	16
> bval.apache.org		12
> camel.apache.org	786
> cayenne.apache.org	4
> chemistry.apache.org	6
> click.apache.org	3
> cocoon.apache.org	6
> commons.apache.org	34
> continuum.apache.org	9
> creadur.apache.org	19
> crunch.apache.org	4
> ctakes.apache.org	2
> curator.apache.org	4
> cxf.apache.org		6
> db.apache.org		39
> directory.apache.org	4
> empire-db.apache.org	1
> felix.apache.org	5
> flume.apache.org	5
> geronimo.apache.org	241
> giraph.apache.org	6
> gora.apache.org		3
> hadoop.apache.org	21
> hbase.apache.org	2
> hive.apache.org		4
> hivemind.apache.org	10
> incubator.apache.org	355
> jackrabbit.apache.org	9
> jakarta.apache.org	39
> james.apache.org	53
> jena.apache.org		5
> juddi.apache.org	3
> lenya.apache.org	46
> logging.apache.org	111
> lucene.apache.org	713
> manifoldcf.apache.org	112
> marmotta.apache.org	1
> maven.apache.org	1623
> maventest.apache.org	1178
> mina.apache.org		2
> mrunit.apache.org	3
> myfaces.apache.org	348
> nutch.apache.org	8
> oltu.apache.org		11
> oodt.apache.org		1
> ooo-site.apache.org	1
> oozie.apache.org	10
> openjpa.apache.org	20
> ==> opennlp.apache.org	9  <==
> pdfbox.apache.org	1
> pig.apache.org		7
> pivot.apache.org	1
> poi.apache.org		1
> portals.apache.org	35
> river.apache.org	2
> santuario.apache.org	1
> shale.apache.org	55
> shiro.apache.org	3
> sling.apache.org	2
> sqoop.apache.org	4
> struts.apache.org	190
> subversion.apache.org	3
> synapse.apache.org	1
> syncope.apache.org	2
> tapestry.apache.org	6
> tika.apache.org		9
> tiles.apache.org	12
> turbine.apache.org	100
> tuscany.apache.org	4
> uima.apache.org		12
> velocity.apache.org	41
> whirr.apache.org	2
> wicket.apache.org	3
> wink.apache.org		13
> ws.apache.org		22
> xalan.apache.org	1
> xerces.apache.org	5
> xml.apache.org		1
> xmlbeans.apache.org	3
> zookeeper.apache.org	18

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira