Robert Muir and I were looking for a IVY-compatible solution (the original Oracle tool cannot be automatically downloaded by IVY, as Oracle's website sets cookies and requests license confirmations). You can run it theoretically on the root folder of your harddisk - I did this on the whole web site. Unfortunately Oracle does not relaese a newer JDK 5 or JDK 6, so its impossible to do a release.īut Oracle publishes the binary and source code of a "fix tool", that can be run on top of a tree of HTML files, patching all broken files (and only those). We also want the lucene/solr-*-javadoc.jar files to be correct, but those are built with Java 5 (3.x) or Java 6 (4.x). AutoCloaseable interface unless we use a JDK 6 or 5 bootclasspath (like we do for web pages). This would be fine for Lucene trunk (which is Java 7 only).īut when we generate Javadocs JARs for Lucene 3 and 4, we cannot use Java 7 (to build the official release) because the javadocs would contain e.g. Unfortunately the release manager has to use the latest Java 7u25 version (released 2 days) ago. ![]() The mail also notes that we should not publish javadocs with this javadocs problem in the future. I fixed all published Javadocs on (for all historic releases where we have public available Javadocs on the web page). The issue is public and may be discussed freely on your project's dev list. The infrastructure team is investigating options for preventing the publication of vulnerable Javadoc. The announcement by Oracle includes a link to a tool that can be used to fix Javadoc without regeneration. ![]() Please take the necessary steps to fix any currently published Javadoc and to ensure that any future Javadoc published by your project does not contain the vulnerability. Oracle has announced, a frame injection vulnerability in Javadoc generated by Java 5, Java 6 and Java 7 before update 22. ![]() The Apache Infra / Security team posted to all committers:
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |