Posted to notifications@ctakes.apache.org by "Pei Chen (JIRA)" <ji...@apache.org> on 2013/07/08 23:31:48 UTC

[jira] [Updated] (CTAKES-212) [SECURITY] Frame injection vulnerability in published Javadoc

     [ https://issues.apache.org/jira/browse/CTAKES-212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pei Chen updated CTAKES-212:
----------------------------

    Fix Version/s: 3.1
    
> [SECURITY] Frame injection vulnerability in published Javadoc
> -------------------------------------------------------------
>
>                 Key: CTAKES-212
>                 URL: https://issues.apache.org/jira/browse/CTAKES-212
>             Project: cTAKES
>          Issue Type: Bug
>            Reporter: Pei Chen
>             Fix For: 3.1
>
>
> > Hi All,
> > 
> > Oracle has announced [1], [2] a frame injection vulnerability in 
> > Javadoc generated by Java 5, Java 6 and Java 7 before update 22.
> > 
> > The infrastructure team has completed a scan of our current project 
> > websites and identified over 6000 instances of vulnerable Javadoc 
> > distributed across most TLPs. The chances are the project(s) you 
> > contribute to is(are) affected. A list of projects and the number of 
> > affected Javadoc instances per project is provided at the end of this 
> > e-mail.
> > 
> > Please take the necessary steps to fix any currently published Javadoc 
> > and to ensure that any future Javadoc published by your project does 
> > not contain the vulnerability. The announcement by Oracle includes a 
> > link to a tool that can be used to fix Javadoc without regeneration.
> > 
> > The infrastructure team is investigating options for preventing the 
> > publication of vulnerable Javadoc.
> > 
> > The issue is public and may be discussed freely on your project's dev list.
> > 
> > Thanks,
> > 
> > Mark (ASF Infra)
> > 
> > 
> > 
> > [1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
> > [2] http://www.kb.cert.org/vuls/id/225657
> > ctakes.apache.org       2

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira