+1

2013/7/6 Matt Benson <gudnabr...@gmail.com>

> Sounds like a good idea. Thanks Stefan!
>
> Matt
> On Jul 5, 2013 9:36 AM, "Stefan Bodewig" <bode...@apache.org> wrote:
>
> > Hi all,
> >
> > as you most probably know Oracle's javadoc tool prior to Java 7u25
> > creates javadocs with a frame injection vulnerability - see
> > CVE-2013-1571, VU#225657 for details.
> >
> > The javadoc task in trunk contains a patch based on code by Uwe
> > Schindler of the Lucene community that postprocesses javadoc's output,
> > identifies vulnerable pages and fixes them.
> >
> > This is similar to the patch applied to Maven's javadoc plugin which led
> > to their version 2.9.1.
> >
> > Do we want to cut an Ant release to help Ant users to get around the
> > vulnerability or is the macrodef I've added to the online manual enough
> > in our view?
> >
> > If enough people think we should cut a release then I guess I'm
> > volunteering to be the RM.
> >
> > Stefan
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
> > For additional commands, e-mail: dev-h...@ant.apache.org
> >
> >
>



-- 
Jean Louis Boudart
Independent consultant
Apache EasyAnt commiter http://ant.apache.org/easyant/

Reply via email to