Hi all, Since it is a urgent security matter, I've completed the task and I'm asking for approval of the PMC after the deed. Thanks for your understanding.
I applied the patch provided by Oracle and published the result immediately. The affected files were: tiles-showcase/apidocs/index.html eval/apidocs/index.html 2.0/framework/apidocs/index.html 2.0/framework/testapidocs/index.html framework/apidocs/index.html framework/testapidocs/index.html tiles-autotag/apidocs/index.html tiles-request/apidocs/index.html 2.1/framework/apidocs/index.html 2.1/framework/testapidocs/index.html 2.2/framework/apidocs/index.html 2.2/framework/testapidocs/index.html Please know that any comments will be considered with attention. Thanks, Nick. -------- Original Message -------- Subject: [SECURITY] Frame injection vulnerability in published Javadoc Hi All, Oracle has announced [1], [2] a frame injection vulnerability in Javadoc generated by Java 5, Java 6 and Java 7 before update 22. [...] [1] http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html [2] http://www.kb.cert.org/vuls/id/225657 Project Instances [...] tiles.apache.org 12 [...]
