[
https://issues.apache.org/jira/browse/CTAKES-212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pei Chen updated CTAKES-212:
----------------------------
Fix Version/s: 3.1
> [SECURITY] Frame injection vulnerability in published Javadoc
> -------------------------------------------------------------
>
> Key: CTAKES-212
> URL: https://issues.apache.org/jira/browse/CTAKES-212
> Project: cTAKES
> Issue Type: Bug
> Reporter: Pei Chen
> Fix For: 3.1
>
>
> > Hi All,
> >
> > Oracle has announced [1], [2] a frame injection vulnerability in
> > Javadoc generated by Java 5, Java 6 and Java 7 before update 22.
> >
> > The infrastructure team has completed a scan of our current project
> > websites and identified over 6000 instances of vulnerable Javadoc
> > distributed across most TLPs. The chances are the project(s) you
> > contribute to is(are) affected. A list of projects and the number of
> > affected Javadoc instances per project is provided at the end of this
> > e-mail.
> >
> > Please take the necessary steps to fix any currently published Javadoc
> > and to ensure that any future Javadoc published by your project does
> > not contain the vulnerability. The announcement by Oracle includes a
> > link to a tool that can be used to fix Javadoc without regeneration.
> >
> > The infrastructure team is investigating options for preventing the
> > publication of vulnerable Javadoc.
> >
> > The issue is public and may be discussed freely on your project's dev list.
> >
> > Thanks,
> >
> > Mark (ASF Infra)
> >
> >
> >
> > [1]
> > http://www.oracle.com/technetwork/topics/security/javacpujun2013-18998
> > 47.html [2] http://www.kb.cert.org/vuls/id/225657
> > ctakes.apache.org 2
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
