[
https://issues.apache.org/jira/browse/MARMOTTA-263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13694731#comment-13694731
]
Sergio Fernández commented on MARMOTTA-263:
-------------------------------------------
We'd need to get 2.9.1 released to confirm it...
> Fix frame injection bug in javadocs generated with Java 6 (and Java 7 prior
> u25)
> --------------------------------------------------------------------------------
>
> Key: MARMOTTA-263
> URL: https://issues.apache.org/jira/browse/MARMOTTA-263
> Project: Marmotta
> Issue Type: Bug
> Components: Website
> Reporter: Sergio Fernández
> Assignee: Sergio Fernández
> Priority: Critical
> Labels: javadoc, oracle, security
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> The Apache Infra / Security team posted to all committers:
> Hi All,
> Oracle has announced [1], [2] a frame injection vulnerability in Javadoc
> generated by Java 5, Java 6 and Java 7 before update 22.
> [...]
> Please take the necessary steps to fix any currently published Javadoc and to
> ensure that any future Javadoc published by your project does not contain the
> vulnerability. The announcement by Oracle includes a link to a tool that can
> be used to fix Javadoc without regeneration.
> The infrastructure team is investigating options for preventing the
> publication of vulnerable Javadoc.
> The issue is public and may be discussed freely on your project's dev list.
> Thanks,
> Mark (ASF Infra)
> For the moment, due to a bug with multiple reports (see
> http://jira.codehaus.org/browse/MSHARED-271 for further details), our site
> is only affected by one instance.
> The buildbot+maven environment still uses Java 6, so all the workarounds in the
> maven plugin (https://jira.codehaus.org/browse/MJAVADOC-370) wouldn't be
> enough...
--
This message is automatically generated by JIRA.