Posted to issues@camel.apache.org by "Christian Müller (JIRA)" <ji...@apache.org> on 2013/06/20 11:11:19 UTC

[jira] [Created] (CAMEL-6470) Fix the frame injection vulnerability in published Javadoc

Christian Müller created CAMEL-6470:
---------------------------------------

             Summary: Fix the frame injection vulnerability in published Javadoc
                 Key: CAMEL-6470
                 URL: https://issues.apache.org/jira/browse/CAMEL-6470
             Project: Camel
          Issue Type: Bug
    Affects Versions: 2.11.0, 2.10.4
            Reporter: Christian Müller
            Assignee: Christian Müller
            Priority: Blocker
             Fix For: 2.10.5, 2.11.1, 2.12.0


Oracle has announced [1], [2] a frame injection vulnerability in Javadoc
generated by Java 5, Java 6 and Java 7 before update 22.

The infrastructure team has completed a scan of our current project
websites and identified over 6000 instances of vulnerable Javadoc
distributed across most TLPs. The chances are the project(s) you
contribute to is(are) affected. A list of projects and the number of
affected Javadoc instances per project is provided at the end of this
e-mail.

Please take the necessary steps to fix any currently published Javadoc
and to ensure that any future Javadoc published by your project does not
contain the vulnerability. The announcement by Oracle includes a link to
a tool that can be used to fix Javadoc without regeneration.

The infrastructure team is investigating options for preventing the
publication of vulnerable Javadoc.

[1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
[2] http://www.kb.cert.org/vuls/id/225657

camel.apache.org        786 vulnerabilities

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
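
A check for unpatched pages in a published site tree, as an added example that is not part of the original message and is not the Oracle tool or the infrastructure team's scanner. It assumes that affected frameset pages assign the URL query string to the class frame and that repaired pages define a validURL() guard; the file names, regular expressions and sample pages are constructed for illustration.

```python
"""Heuristic scan of a published site tree for unpatched Javadoc frameset pages."""
import re
import sys
from pathlib import Path

# Assumption: the frameset entry pages are the files worth checking.
FRAME_PAGES = ("index.html", "index.htm", "toc.htm")

# Assumption: affected pages load the URL query string into the class frame...
LOADER = re.compile(r"classFrame\.location\s*=\s*(top\.)?targetPage", re.I)
# ...and repaired pages validate it first with a validURL() helper.
VALIDATOR = re.compile(r"function\s+validURL\s*\(", re.I)

# Constructed samples (not copied from any real site).
SAMPLE_VULNERABLE = """<html><head><script type="text/javascript">
targetPage = "" + window.location.search;
if (targetPage != "" && targetPage != "undefined")
    targetPage = targetPage.substring(1);
function loadFrames() {
    if (targetPage != "" && targetPage != "undefined")
        top.classFrame.location = top.targetPage;
}
</script></head><frameset onload="top.loadFrames()"></frameset></html>"""
SAMPLE_PATCHED = SAMPLE_VULNERABLE.replace(
    "function loadFrames",
    "function validURL(url) { /* allow-list check */ return false; }\n"
    "function loadFrames")


def is_vulnerable(html: str) -> bool:
    """True when the frame loader is present without a validURL() guard."""
    return bool(LOADER.search(html)) and not VALIDATOR.search(html)


def scan(root: Path) -> list:
    """Return frameset pages under root that still look unpatched, sorted."""
    hits = []
    for path in root.rglob("*"):
        if path.is_file() and path.name.lower() in FRAME_PAGES:
            text = path.read_text(encoding="utf-8", errors="replace")
            if is_vulnerable(text):
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    found = scan(Path(sys.argv[1] if len(sys.argv) > 1 else "."))
    for page in found:
        print(page)
    sys.exit(1 if found else 0)
```

Run against the staging copy of the site before publishing; the non-zero exit status when any page is flagged lets it gate a publish job.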