[aerogear-dev] Javadoc vulnerability and fixes
Bruno Oliveira
bruno at abstractj.org
Mon Jul 15 15:04:59 EDT 2013
Good morning peeps.
Today was fixed one of the security vulnerabilities found present into
Javadocs
(http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html)
Most of our Javadocs were updated: android, controller...security.
If you want to make sure I did it right, just grab the tool from
http://www.oracle.com/technetwork/java/javase/downloads/java-doc-updater-tool-1955731.html
and run:
java -jar JavadocUpdaterTool.jar -R -C
/mypathtoaerogear.org/aerogear.org/docs/specs/aerogear-security/ for example
Actions you should take: Update your JDK now
(http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html)
Decisions to make:
- I don't have control over your environment (I would like to have :)).
So to get rid off people introducing this vulnerability again into our
Javadocs, what's the best approach to follow?
My suggestion is to enforce our maven javadoc plugin to make use of JDK
and JRE 7 Update 25. Thoughts?
--
abstractj
More information about the aerogear-dev
mailing list