Hi Mike,
The 10.0 and 10.1 javadoc were ok according to a comment by Knut on
https://issues.apache.org/jira/browse/DERBY-6270
Thanks,
-Rick
On 6/21/13 11:31 AM, mike matrigali wrote:
Do you happen to know if 10.1 is affected or not?
On 6/21/2013 5:07 AM, Knut Anders Hatlen wrote:
Hi all,
Some of you may already have noticed that Oracle's latest security
update release of Java SE included a fix for a vulnerability in the
javadoc tool (CVE-2013-1571). The javadocs included in all versions of
Derby from 10.2.1.6 up to 10.10.1.1 were built with versions of the
javadoc tool that had this vulnerability.
If you publish javadocs from Derby (or from any other project for that
matter) on a public-facing web server, we strongly recommend that you
read Oracle's security advisory -
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
- and follow the steps to remove the vulnerability from the javadoc
output.
Thanks,
