[ https://issues.apache.org/jira/browse/NUTCH-1590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Julien Nioche updated NUTCH-1590: --------------------------------- Attachment: NUTCH-1590.patch What about doing it like this? Haven't tested exhaustively but seems to do the trick. > [SECURITY] Frame injection vulnerability in published Javadoc > ------------------------------------------------------------- > > Key: NUTCH-1590 > URL: https://issues.apache.org/jira/browse/NUTCH-1590 > Project: Nutch > Issue Type: New Feature > Components: documentation > Affects Versions: 1.7, 2.2 > Reporter: Lewis John McGibbney > Priority: Blocker > Fix For: 1.9 > > Attachments: NUTCH-1590.patch > > > Hi All, > Oracle has announced [1], [2] a frame injection vulnerability in Javadoc > generated by Java 5, Java 6 and Java 7 before update 22. > The infrastructure team has completed a scan of our current project > websites and identified over 6000 instances of vulnerable Javadoc > distributed across most TLPs. The chances are the project(s) you > contribute to is(are) affected. A list of projects and the number of > affected Javadoc instances per project is provided at the end of this > e-mail. > Please take the necessary steps to fix any currently published Javadoc > and to ensure that any future Javadoc published by your project does not > contain the vulnerability. The announcement by Oracle includes a link to > a tool that can be used to fix Javadoc without regeneration. > The infrastructure team is investigating options for preventing the > publication of vulnerable Javadoc. > The issue is public and may be discussed freely on your project's dev list. > [1] > http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html > [2] http://www.kb.cert.org/vuls/id/225657 > nutch.apache.org 8 -- This message was sent by Atlassian JIRA (v6.2#6252)