Posted to dev@any23.apache.org by "Lewis John McGibbney (JIRA)" <ji...@apache.org> on 2014/08/15 20:27:19 UTC

[jira] [Resolved] (ANY23-160) [SECURITY] Frame injection vulnerability in published Javadoc

     [ https://issues.apache.org/jira/browse/ANY23-160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lewis John McGibbney resolved ANY23-160.
----------------------------------------

    Resolution: Not a Problem
      Assignee: Lewis John McGibbney

I've just fixed the Gora docs over on GORA-250.
I checked the Any23 docs and I cannot find any discrepancies here.

lmcgibbn@LMC-032857 ~/Downloads/javadoc $ java -jar JavadocUpdaterTool.jar -R -C /usr/local/any23/any23-site/apidocs
Java Documentation Updater Tool version 1.3 11/22/2013

lmcgibbn@LMC-032857 ~/Downloads/javadoc $ java -jar JavadocUpdaterTool.jar -R -C /usr/local/any23/any23-site/apidocs/0.8.0/
Java Documentation Updater Tool version 1.3 11/22/2013

lmcgibbn@LMC-032857 ~/Downloads/javadoc $ java -jar JavadocUpdaterTool.jar -R -C /usr/local/any23/any23-site/
Java Documentation Updater Tool version 1.3 11/22/2013

lmcgibbn@LMC-032857 ~/Downloads/javadoc $ java -jar JavadocUpdaterTool.jar -R -C /usr/local/any23/any23-site/apidocs/
Java Documentation Updater Tool version 1.3 11/22/2013

lmcgibbn@LMC-032857 ~/Downloads/javadoc $ java -jar JavadocUpdaterTool.jar -R -C /usr/local/any23/any23-site/apidocs/0.9.1-SNAPSHOT/
Java Documentation Updater Tool version 1.3 11/22/2013

lmcgibbn@LMC-032857 ~/Downloads/javadoc $ java -jar JavadocUpdaterTool.jar -R -C /usr/local/any23/any23-site/apidocs/0.8.0/
Java Documentation Updater Tool version 1.3 11/22/2013


> [SECURITY] Frame injection vulnerability in published Javadoc
> -------------------------------------------------------------
>
>                 Key: ANY23-160
>                 URL: https://issues.apache.org/jira/browse/ANY23-160
>             Project: Apache Any23
>          Issue Type: New Feature
>    Affects Versions: 0.8.0
>            Reporter: Lewis John McGibbney
>            Assignee: Lewis John McGibbney
>            Priority: Blocker
>             Fix For: 1.1
>
>
> Hi All,
> Oracle has announced [1], [2] a frame injection vulnerability in Javadoc
> generated by Java 5, Java 6 and Java 7 before update 22.
> The infrastructure team has completed a scan of our current project
> websites and identified over 6000 instances of vulnerable Javadoc
> distributed across most TLPs. The chances are the project(s) you
> contribute to is(are) affected. A list of projects and the number of
> affected Javadoc instances per project is provided at the end of this
> e-mail.
> Please take the necessary steps to fix any currently published Javadoc
> and to ensure that any future Javadoc published by your project does not
> contain the vulnerability. The announcement by Oracle includes a link to
> a tool that can be used to fix Javadoc without regeneration.
> The infrastructure team is investigating options for preventing the
> publication of vulnerable Javadoc.
> [1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
> [2] http://www.kb.cert.org/vuls/id/225657
> any23.apache.org        13



--
This message was sent by Atlassian JIRA
(v6.2#6252)