https://bz.apache.org/bugzilla/show_bug.cgi?id=66144
Stefan Bodewig <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- OS| |All --- Comment #1 from Stefan Bodewig <[email protected]> --- I don't believe it is Ant itself that puts jquery into the api docs but the javadoc tool of the JDK does. "Fixing" the manual probably means re-creating it with a more recent JDK - if and only if the more recent JDK has actually upgraded its jquery dependency, that is. Looking at CVE-2020-11023 and grepping through the code a bit I don't believe the code generated by the javadoc tool ever uses input from untrusted source at all, so it may just be that the apidocs generated simply are not affected by the vulnerabilty and thus no update is required. You may want to check that yourself. -- You are receiving this mail because: You are the assignee for the bug.
