  1. OpenNLP
  2. OPENNLP-583

JavaDoc Security Vulnerabilities


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: tools-1.5.3, maxent-3.0.3
    • Fix Version/s: None
    • Component/s: Documentation, Website
    • Environment:
      All

      Description

      Hi All,

      Oracle has announced [1], [2] a frame injection vulnerability in Javadoc
      generated by Java 5, Java 6 and Java 7 before update 22.

      The infrastructure team has completed a scan of our current project
      websites and identified over 6000 instances of vulnerable Javadoc
      distributed across most TLPs. The chances are the project(s) you
      contribute to is(are) affected. A list of projects and the number of
      affected Javadoc instances per project is provided at the end of this
      e-mail.

      Please take the necessary steps to fix any currently published Javadoc
      and to ensure that any future Javadoc published by your project does not
      contain the vulnerability. The announcement by Oracle includes a link to
      a tool that can be used to fix Javadoc without regeneration.

      The infrastructure team is investigating options for preventing the
      publication of vulnerable Javadoc.

      The issue is public and may be discussed freely on your project's dev list.

      Thanks,

      Mark (ASF Infra)

      [1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
      [2] http://www.kb.cert.org/vuls/id/225657

      Project Instances
      abdera.apache.org 1
      accumulo.apache.org 2
      activemq.apache.org 105
      any23.apache.org 13
      archiva.apache.org 4
      archive.apache.org 13
      aries.apache.org 7
      avro.apache.org 23
      axis.apache.org 5
      beehive.apache.org 16
      bval.apache.org 12
      camel.apache.org 786
      cayenne.apache.org 4
      chemistry.apache.org 6
      click.apache.org 3
      cocoon.apache.org 6
      commons.apache.org 34
      continuum.apache.org 9
      creadur.apache.org 19
      crunch.apache.org 4
      ctakes.apache.org 2
      curator.apache.org 4
      cxf.apache.org 6
      db.apache.org 39
      directory.apache.org 4
      empire-db.apache.org 1
      felix.apache.org 5
      flume.apache.org 5
      geronimo.apache.org 241
      giraph.apache.org 6
      gora.apache.org 3
      hadoop.apache.org 21
      hbase.apache.org 2
      hive.apache.org 4
      hivemind.apache.org 10
      incubator.apache.org 355
      jackrabbit.apache.org 9
      jakarta.apache.org 39
      james.apache.org 53
      jena.apache.org 5
      juddi.apache.org 3
      lenya.apache.org 46
      logging.apache.org 111
      lucene.apache.org 713
      manifoldcf.apache.org 112
      marmotta.apache.org 1
      maven.apache.org 1623
      maventest.apache.org 1178
      mina.apache.org 2
      mrunit.apache.org 3
      myfaces.apache.org 348
      nutch.apache.org 8
      oltu.apache.org 11
      oodt.apache.org 1
      ooo-site.apache.org 1
      oozie.apache.org 10
      openjpa.apache.org 20
      ==> opennlp.apache.org 9 <==
      pdfbox.apache.org 1
      pig.apache.org 7
      pivot.apache.org 1
      poi.apache.org 1
      portals.apache.org 35
      river.apache.org 2
      santuario.apache.org 1
      shale.apache.org 55
      shiro.apache.org 3
      sling.apache.org 2
      sqoop.apache.org 4
      struts.apache.org 190
      subversion.apache.org 3
      synapse.apache.org 1
      syncope.apache.org 2
      tapestry.apache.org 6
      tika.apache.org 9
      tiles.apache.org 12
      turbine.apache.org 100
      tuscany.apache.org 4
      uima.apache.org 12
      velocity.apache.org 41
      whirr.apache.org 2
      wicket.apache.org 3
      wink.apache.org 13
      ws.apache.org 22
      xalan.apache.org 1
      xerces.apache.org 5
      xml.apache.org 1
      xmlbeans.apache.org 3
      zookeeper.apache.org 18

            People

            • Assignee:
              autayeu Aliaksandr Autayeu
              Reporter:
              jkosin James Kosin