> On Jul 9, 2013, at 2:57 AM, Aristedes Maniatis <[email protected]> wrote: >> Did we change the javadoc build process to avoid the javadoc security flaw >> recently discovered? I patched the website javadocs, but I'm not sure if we >> also have to change something in our maven build process or upgrade some >> plugin.
On Tue, Jul 9, 2013 at 2:12 AM, Andrus Adamchik <[email protected]> wrote: > Me neither. Probably some research is in order. Should we take this to a > separate thread? Maybe you can copy what some other project has done. I saw a notice about it for tomcat but I believe it is built with ant. https://issues.apache.org/bugzilla/show_bug.cgi?id=55119 That notice pointed to Lucene, but it says it was built with ivy. https://issues.apache.org/jira/browse/LUCENE-5072 So I didn't find a pointer to a maven-based fix.
