Posted to dev@flume.apache.org by "Ralph Goers (JIRA)" <ji...@apache.org> on 2013/06/24 23:32:21 UTC

[jira] [Commented] (FLUME-2103) Change Javadoc generation per CVE-2013-1571, VU#225657

    [ https://issues.apache.org/jira/browse/FLUME-2103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13692405#comment-13692405 ] 

Ralph Goers commented on FLUME-2103:
------------------------------------

The live site has been patched.
                
> Change Javadoc generation per CVE-2013-1571, VU#225657
> ------------------------------------------------------
>
>                 Key: FLUME-2103
>                 URL: https://issues.apache.org/jira/browse/FLUME-2103
>             Project: Flume
>          Issue Type: Bug
>          Components: Docs
>    Affects Versions: v1.3.1
>            Reporter: Ralph Goers
>
> Oracle has announced a Javadoc vulnerability (CVE-2013-1571 [1], VU#225657 [2]) whereby Javadoc generated with Java 5, Java 6, or Java 7 < 7u25 is vulnerable to a frame injection attack. Oracle has provided a repair-in-place tool for Javadoc that cannot be easily regenerated, but is urging developers to regenerate whatever Javadoc they can using Java 7u25. For all practical purposes, the vulnerability really only applies to publicly-hosted Javadoc, so the Javadoc in our existing Maven artifacts really doesn't have to be worried about (not that we could do anything about it).
> [1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
> [2] http://www.kb.cert.org/vuls/id/225657
