+1 to release from somebody outside (but provided the frame injection patch)!
Just a funny detail: The maven-javadoc-plugin-2.9.1-javadoc.jar on the staging repository of course have the frame injection bug! Somehow a chicken-egg problem. :-) Theoretically the pom.xml of the plugin should use its own version to create its own javadocs! But of course later versions of the plugin can then rely on 2.9.1. I don't think this should hold the release, because the frame injection bug is only critical if you publish the javadocs on a web server which is not the case for this plugin (right?). On a local eclipse displaying javadocs embedded, it does not matter at all if they are vulnerable. Uwe ----- Uwe Schindler H.-H.-Meier-Allee 63, D-28213 Bremen http://www.thetaphi.de eMail: u...@thetaphi.de > -----Original Message----- > From: Olivier Lamy [mailto:ol...@apache.org] > Sent: Monday, June 24, 2013 2:05 PM > To: Maven Developers List > Subject: [VOTE] Apache Maven Javadoc Plugin 2.9.1 > > Hi, > I'd like to release Apache Maven Javadoc Plugin 2.9.1. > > This version contains the code to fix the javadoc security issue after the > javadoc generation. > > We fixed 6 issues: > https://jira.codehaus.org/secure/ReleaseNote.jspa?version=18843&styleNa > me=Text&projectId=11138&Create=Create > > Staging repository: > https://repository.apache.org/content/repositories/maven-062 > > Staging site: http://maven.apache.org/plugins-archives/maven-javadoc- > plugin-2.9.1/ > > Vote open for 72H > > [+1] > [0] > [-1] > > Thanks, > -- > Olivier Lamy > Ecetera: http://ecetera.com.au > http://twitter.com/olamy | http://linkedin.com/in/olamy > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional > commands, e-mail: dev-h...@maven.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org