Hi all,

as you most probably know, Oracle's javadoc tool prior to Java 7u25 creates javadocs with a frame injection vulnerability - see CVE-2013-1571, VU#225657 for details.

The javadoc task in trunk contains a patch based on code by Uwe Schindler of the Lucene community that postprocesses javadoc's output, identifies vulnerable pages and fixes them. This is similar to the patch applied to Maven's javadoc plugin which led to their version 2.9.1.

Do we want to cut an Ant release to help Ant users to get around the vulnerability or is the macrodef I've added to the online manual enough in our view?

If enough people think we should cut a release then I guess I'm volunteering to be the RM.

Stefan