[releng] Fixing javadoc vulnerability

eclipse-ocl / org.eclipse.ocl

Eclipse Public License 2.0

0 stars 0 forks source link

[releng] Fixing javadoc vulnerability #1127

Closed eclipse-ocl-bot closed 1 month ago

eclipse-ocl-bot commented 1 month ago

| --- | --- | | Bugzilla Link | 411228 | | Status | CLOSED FIXED | | Importance | P3 critical | | Reported | Jun 20, 2013 07:13 EDT | | Modified | May 25, 2015 17:19 EDT | | Reporter | Adolfo Sanchez-Barbudo Herrera |

Description

Coming from Bug 411128

Actions I understand we must do:

Fixing generated javadoc (see Bug 411128 comment 15)
Ensuring that our javadoc is created with an updated JDK (/shared/common/jdk1.7.0_25)

eclipse-ocl-bot commented 1 month ago

By Adolfo Sanchez-Barbudo Herrera on Jun 21, 2013 09:48

As commented in Bug 411128 comment 19, 1 is/will be fixed by webmaster.

Looking at 2.

eclipse-ocl-bot commented 1 month ago

By Adolfo Sanchez-Barbudo Herrera on Jun 28, 2013 07:52

Last master build log[1] (activating javadoc management) tells us our builds are using java 1.6 to produce the javadoc.

The java home is not established at any point, from our side. So I guess that it should be using some hudson default settings.

In order to avoid side effects in other parts of the build process, I'll try to set this java.home only in this phase (javadoc creation).

[1] https://hudson.eclipse.org/hudson/job/buckminster-ocl-tools-luna-master/491/consoleFull

Cheers,\ Adolfo.

eclipse-ocl-bot commented 1 month ago

By Adolfo Sanchez-Barbudo Herrera on Jul 01, 2013 05:37

Last successful OCL Master build [1] contains the fix for this issue, which basically uses the latest Java 1.7 SDK to create the javadoc

After promoting that build, I've done the corresponding check[2] to find vulnerabilities. The tool doesn't complain about the new javadoc for the future Eclipse Luna 4.2.0 version.

branch asbh/411228 merged into master and pushed.

Resolving as fixed.

[1] https://hudson.eclipse.org/hudson/job/buckminster-ocl-tools-luna-master/495/\ [2] @build:~/downloads/modeling/mdt/ocl/javadoc> /shared/common/jdk1.7.0_25/bin/java -jar /shared/common/JavadocUpdaterTool-1_2_2013/JavadocUpdaterTool.jar -R -C 4.2.0/\ Java Documentation Updater Tool version 1.2 06/14/2013

@build:~/downloads/modeling/mdt/ocl/javadoc>

eclipse-ocl-bot commented 1 month ago

By Ed Willink on May 25, 2015 17:19

CLOSED after more than a year in the RESOLVED state.