Posted to commits@maven.apache.org by ol...@apache.org on 2013/06/24 04:50:26 UTC
svn commit: r1495909 -
/maven/plugins/trunk/maven-javadoc-plugin/src/main/java/org/apache/maven/plugin/javadoc/AbstractJavadocMojo.java
Author: olamy
Date: Mon Jun 24 02:50:26 2013
New Revision: 1495909
URL: http://svn.apache.org/r1495909
Log:
add a parameter to be able to disable javadoc security fix
Modified:
maven/plugins/trunk/maven-javadoc-plugin/src/main/java/org/apache/maven/plugin/javadoc/AbstractJavadocMojo.java
Modified: maven/plugins/trunk/maven-javadoc-plugin/src/main/java/org/apache/maven/plugin/javadoc/AbstractJavadocMojo.java
URL: http://svn.apache.org/viewvc/maven/plugins/trunk/maven-javadoc-plugin/src/main/java/org/apache/maven/plugin/javadoc/AbstractJavadocMojo.java?rev=1495909&r1=1495908&r2=1495909&view=diff
==============================================================================
--- maven/plugins/trunk/maven-javadoc-plugin/src/main/java/org/apache/maven/plugin/javadoc/AbstractJavadocMojo.java (original)
+++ maven/plugins/trunk/maven-javadoc-plugin/src/main/java/org/apache/maven/plugin/javadoc/AbstractJavadocMojo.java Mon Jun 24 02:50:26 2013
@@ -1661,6 +1661,13 @@ public abstract class AbstractJavadocMoj
@Parameter
private List<String> sourceFileExcludes;
+ /**
+ * To apply the security fix on generated javadoc see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
+ * @since 2.10
+ */
+ @Parameter(defaultValue = "true", property = "maven.javadoc.securityfix.apply")
+ private boolean applyJavadocSecurityFix = true;
+
// ----------------------------------------------------------------------
// static
// ----------------------------------------------------------------------
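Review bot: The Javadoc on `applyJavadocSecurityFix` does not say what setting the parameter to false does, which is the only reason a user would touch it. I would reword it along the lines of `Whether to patch the generated Javadoc against the frame injection vulnerability (CVE-2013-1571). Setting this to false leaves output produced by affected Javadoc tools unpatched.` and state the default explicitly. The field initializer `= true` also repeats `defaultValue = "true"`, so the default is declared in two places that can drift apart; dropping the initializer leaves the annotation as the single source.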
@@ -2018,21 +2025,27 @@ public abstract class AbstractJavadocMoj
scriptFile.delete();
}
}
-
- // finally, patch the Javadoc vulnerability in older Javadoc tools (CVE-2013-1571):
- try
+ if ( applyJavadocSecurityFix )
{
- final int patched = fixFrameInjectionBug( javadocOutputDirectory, getDocencoding() );
- if ( patched > 0 )
+ // finally, patch the Javadoc vulnerability in older Javadoc tools (CVE-2013-1571):
+ try
{
- getLog().info(
- String.format( "Fixed Javadoc frame injection vulnerability (CVE-2013-1571) in %d files.",
- patched ) );
+ final int patched = fixFrameInjectionBug( javadocOutputDirectory, getDocencoding() );
+ if ( patched > 0 )
+ {
+ getLog().info(
+ String.format( "Fixed Javadoc frame injection vulnerability (CVE-2013-1571) in %d files.",
+ patched ) );
+ }
+ }
+ catch ( IOException e )
+ {
+ throw new MavenReportException( "Failed to patch javadocs vulnerability: " + e.getMessage(), e );
}
}
- catch ( IOException e )
+ else
{
- throw new MavenReportException( "Failed to patch javadocs vulnerability: " + e.getMessage(), e );
+ getLog().info( "applying javadoc security fix has been disabled" );
}
}
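Review bot: The new `else` branch reports a skipped security patch at info level, with a message that names neither the CVE nor the parameter, so a build that publishes unpatched Javadoc is easy to overlook in the log. The switch is bound to the `maven.javadoc.securityfix.apply` property and can therefore be turned off from outside the POM, which makes the disabled state worth a warning: `getLog().warn( "Javadoc security fix (CVE-2013-1571) is disabled (maven.javadoc.securityfix.apply=false); generated output is not patched" );`. The enclosing method starts outside this hunk, so whether every report path reaches this check cannot be confirmed from here.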