Hi all, Some of you may already have noticed that Oracle's latest security update release of Java SE included a fix for a vulnerability in the javadoc tool (CVE-2013-1571). The javadocs included in all versions of Derby from 10.2.1.6 up to 10.10.1.1 were built with versions of the javadoc tool that had this vulnerability.
If you publish javadocs from Derby (or from any other project for that matter) on a public-facing web server, we strongly recommend that you read Oracle's security advisory - http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html - and follow the steps to remove the vulnerability from the javadoc output. Thanks, -- Knut Anders
