You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Knut Anders Hatlen (JIRA)" <ji...@apache.org> on 2013/06/20 13:18:20 UTC
[jira] [Closed] (DERBY-6270) Run Java API Documentation Updater
Tool on the published javadocs
[ https://issues.apache.org/jira/browse/DERBY-6270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Knut Anders Hatlen closed DERBY-6270.
-------------------------------------
Resolution: Fixed
Fix Version/s: 10.10.1.2
10.9.2.2
10.8.3.1
10.7.1.4
10.6.2.3
10.5.3.2
10.4.2.1
10.3.3.1
10.2.2.1
The changes seem to have propagated to the web site, so I'm closing the issue.
> Run Java API Documentation Updater Tool on the published javadocs
> -----------------------------------------------------------------
>
> Key: DERBY-6270
> URL: https://issues.apache.org/jira/browse/DERBY-6270
> Project: Derby
> Issue Type: Bug
> Components: Web Site
> Affects Versions: 10.2.2.0, 10.3.3.0, 10.4.2.0, 10.5.3.0, 10.6.2.1, 10.7.1.1, 10.8.3.0, 10.9.1.0, 10.10.1.1
> Reporter: Knut Anders Hatlen
> Assignee: Knut Anders Hatlen
> Fix For: 10.2.2.1, 10.3.3.1, 10.4.2.1, 10.5.3.2, 10.6.2.3, 10.7.1.4, 10.8.3.1, 10.9.2.2, 10.10.1.2
>
> Attachments: javadoc.diff
>
>
> The infrastructure team recommends that we update the javadocs on the web site to fix a vulnerability. We can either regenerate javadocs using JDK 7u25 or use a tool that updates the docs in-place. I'll take a look at running the tool, which can be found here: http://www.oracle.com/technetwork/java/javase/downloads/java-doc-updater-tool-1955731.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: [jira] [Closed] (DERBY-6270) Run Java API Documentation Updater Tool on the published javadocs
Posted by Knut Anders Hatlen <kn...@oracle.com>.
Rick Hillegas <ri...@oracle.com> writes:
> On 6/20/13 11:38 AM, Myrna van Lunteren wrote:
>> Thanks Knut, for your quick action.
>>
>> I wonder, do we need to do anything regarding this in javadoc in
>> past releases? Add a comment to the download page
>> (http://db.apache.org/derby/derby_downloads.html), alert the user
>> list?
>> I prefer not to create new releases for older branches because it's
>> such a hassle to create a release.
> I think that the old releases contain other, more serious security
> vulnerabilities which have been addressed in later distributions. We
> don't generally regenerate older releases just because we discover and
> fix a vulnerability later on. We don't annotate the download page to
> call attention to vulnerabilities in old releases. I don't think that
> this defect requires a special response.
>
> We could consider sending a brief note to derby-user, now that we have
> fixed our own exposure to this bug.
>
> We have handled other vulnerabilities by including extra instructions
> in the release notes for a later release. I think it would be adequate
> to write a release note for DERBY-6270 and mark that issue as fixed in
> 10.10.1.3 and 10.11.0.0 so that users will be alerted when they read
> the release notes for our next couple releases.
I've uploaded a release note to DERBY-6270 and added 10.11.0.0 to the
fix versions (it was already marked as fixed in 10.10.1.3).
I've also added verifying that the javadocs don't suffer from this
vulnerability as a separate item in the release vetting checklist
template on the wiki. And in the checklists for the not yet released
10.9.2, 10.10.2 and 10.11.1 versions.
Finally, I've just sent a mail to derby-user suggesting that users read
the security advisory and take the appropriate steps.
Hopefully, that should cover it.
Thanks,
--
Knut Anders
Re: [jira] [Closed] (DERBY-6270) Run Java API Documentation Updater
Tool on the published javadocs
Posted by Rick Hillegas <ri...@oracle.com>.
On 6/20/13 11:38 AM, Myrna van Lunteren wrote:
> Thanks Knut, for your quick action.
>
> I wonder, do we need to do anything regarding this in javadoc in past
> releases? Add a comment to the download page
> (http://db.apache.org/derby/derby_downloads.html), alert the user list?
> I prefer not to create new releases for older branches because it's
> such a hassle to create a release.
I think that the old releases contain other, more serious security
vulnerabilities which have been addressed in later distributions. We
don't generally regenerate older releases just because we discover and
fix a vulnerability later on. We don't annotate the download page to
call attention to vulnerabilities in old releases. I don't think that
this defect requires a special response.
We could consider sending a brief note to derby-user, now that we have
fixed our own exposure to this bug.
We have handled other vulnerabilities by including extra instructions in
the release notes for a later release. I think it would be adequate to
write a release note for DERBY-6270 and mark that issue as fixed in
10.10.1.3 and 10.11.0.0 so that users will be alerted when they read the
release notes for our next couple releases.
My $0.02,
-Rick
>
> Myrna
>
>
> On Thu, Jun 20, 2013 at 4:18 AM, Knut Anders Hatlen (JIRA)
> <jira@apache.org <ma...@apache.org>> wrote:
>
>
> [
> https://issues.apache.org/jira/browse/DERBY-6270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
> ]
>
> Knut Anders Hatlen closed DERBY-6270.
> -------------------------------------
>
> Resolution: Fixed
> Fix Version/s: 10.10.1.2
> 10.9.2.2
> 10.8.3.1
> 10.7.1.4
> 10.6.2.3
> 10.5.3.2
> 10.4.2.1
> 10.3.3.1
> 10.2.2.1
>
> The changes seem to have propagated to the web site, so I'm
> closing the issue.
>
> > Run Java API Documentation Updater Tool on the published javadocs
> > -----------------------------------------------------------------
> >
> > Key: DERBY-6270
> > URL:
> https://issues.apache.org/jira/browse/DERBY-6270
> > Project: Derby
> > Issue Type: Bug
> > Components: Web Site
> > Affects Versions: 10.2.2.0, 10.3.3.0, 10.4.2.0, 10.5.3.0,
> 10.6.2.1, 10.7.1.1, 10.8.3.0, 10.9.1.0, 10.10.1.1
> > Reporter: Knut Anders Hatlen
> > Assignee: Knut Anders Hatlen
> > Fix For: 10.2.2.1, 10.3.3.1, 10.4.2.1, 10.5.3.2,
> 10.6.2.3, 10.7.1.4, 10.8.3.1, 10.9.2.2, 10.10.1.2
> >
> > Attachments: javadoc.diff
> >
> >
> > The infrastructure team recommends that we update the javadocs
> on the web site to fix a vulnerability. We can either regenerate
> javadocs using JDK 7u25 or use a tool that updates the docs
> in-place. I'll take a look at running the tool, which can be found
> here:
> http://www.oracle.com/technetwork/java/javase/downloads/java-doc-updater-tool-1955731.html
>
> --
> This message is automatically generated by JIRA.
> If you think it was sent incorrectly, please contact your JIRA
> administrators
> For more information on JIRA, see:
> http://www.atlassian.com/software/jira
>
>
Re: [jira] [Closed] (DERBY-6270) Run Java API Documentation Updater
Tool on the published javadocs
Posted by Myrna van Lunteren <m....@gmail.com>.
Thanks Knut, for your quick action.
I wonder, do we need to do anything regarding this in javadoc in past
releases? Add a comment to the download page (
http://db.apache.org/derby/derby_downloads.html), alert the user list?
I prefer not to create new releases for older branches because it's such a
hassle to create a release.
Myrna
On Thu, Jun 20, 2013 at 4:18 AM, Knut Anders Hatlen (JIRA)
<ji...@apache.org>wrote:
>
> [
> https://issues.apache.org/jira/browse/DERBY-6270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel]
>
> Knut Anders Hatlen closed DERBY-6270.
> -------------------------------------
>
> Resolution: Fixed
> Fix Version/s: 10.10.1.2
> 10.9.2.2
> 10.8.3.1
> 10.7.1.4
> 10.6.2.3
> 10.5.3.2
> 10.4.2.1
> 10.3.3.1
> 10.2.2.1
>
> The changes seem to have propagated to the web site, so I'm closing the
> issue.
>
> > Run Java API Documentation Updater Tool on the published javadocs
> > -----------------------------------------------------------------
> >
> > Key: DERBY-6270
> > URL: https://issues.apache.org/jira/browse/DERBY-6270
> > Project: Derby
> > Issue Type: Bug
> > Components: Web Site
> > Affects Versions: 10.2.2.0, 10.3.3.0, 10.4.2.0, 10.5.3.0, 10.6.2.1,
> 10.7.1.1, 10.8.3.0, 10.9.1.0, 10.10.1.1
> > Reporter: Knut Anders Hatlen
> > Assignee: Knut Anders Hatlen
> > Fix For: 10.2.2.1, 10.3.3.1, 10.4.2.1, 10.5.3.2, 10.6.2.3,
> 10.7.1.4, 10.8.3.1, 10.9.2.2, 10.10.1.2
> >
> > Attachments: javadoc.diff
> >
> >
> > The infrastructure team recommends that we update the javadocs on the
> web site to fix a vulnerability. We can either regenerate javadocs using
> JDK 7u25 or use a tool that updates the docs in-place. I'll take a look at
> running the tool, which can be found here:
> http://www.oracle.com/technetwork/java/javase/downloads/java-doc-updater-tool-1955731.html
>
> --
> This message is automatically generated by JIRA.
> If you think it was sent incorrectly, please contact your JIRA
> administrators
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>