You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ant.apache.org by bu...@apache.org on 2022/06/25 15:46:24 UTC

[Bug 66144] The manual/api uses out of date jquery 3.3.1 which has security issues

https://bz.apache.org/bugzilla/show_bug.cgi?id=66144

Stefan Bodewig <bo...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from Stefan Bodewig <bo...@apache.org> ---
I don't believe it is Ant itself that puts jquery into the api docs but the
javadoc tool of the JDK does. "Fixing" the manual probably means re-creating it
with a more recent JDK - if and only if the more recent JDK has actually
upgraded its jquery dependency, that is.

Looking at CVE-2020-11023 and grepping through the code a bit I don't believe
the code generated by the javadoc tool ever uses input from untrusted source at
all, so it may just be that the apidocs generated simply are not affected by
the vulnerabilty and thus no update is required. You may want to check that
yourself.

-- 
You are receiving this mail because:
You are the assignee for the bug.