openoffice-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <>
Subject [ANNOUNCEMENT] Javadoc HTML frame injection vulnerability and AOO SDK
Date Fri, 21 Jun 2013 12:31:29 GMT
We've published a security bulletin and patch for the Apache
OpenOffice 3.4.1 SDK.

Due to a flaw in JavaDoc generated API documentation, one of the files
in the 3.4.1 SDK is vulnerable to an HTML frame injection attack.

Details on the issue, and a patched HTML file, can be found here:

Note: this impacts only installations of the SDK.  Normal end-user
installs of Apache OpenOffice are not impacted.


Rob Weir
Apache OpenOffice Security Team

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message