+1
2013/7/6 Matt Benson <gudnabr...@gmail.com> > Sounds like a good idea. Thanks Stefan! > > Matt > On Jul 5, 2013 9:36 AM, "Stefan Bodewig" <bode...@apache.org> wrote: > > > Hi all, > > > > as you most probably know Oracle's javadoc tool prior to Java 7u25 > > creates javadocs with a frame injection vulnerability - see > > CVE-2013-1571, VU#225657 for details. > > > > The javadoc task in trunk contains a patch based on code by Uwe > > Schindler of the Lucene community that postprocesses javadoc's output, > > identifies vulnerable pages and fixes them. > > > > This is similar to the patch applied to Maven's javadoc plugin which led > > to their version 2.9.1. > > > > Do we want to cut an Ant release to help Ant users to get around the > > vulnerability or is the macrodef I've added to the online manual enough > > in our view? > > > > If enough people think we should cut a release then I guess I'm > > volunteering to be the RM. > > > > Stefan > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org > > For additional commands, e-mail: dev-h...@ant.apache.org > > > > > -- Jean Louis Boudart Independent consultant Apache EasyAnt commiter http://ant.apache.org/easyant/
