ofbiz-notifications mailing list archives

From "ASF subversion and git services (Jira)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-11348) Temporarily comment out the "stream" request-map in ecommerce controller for security reason
Date Thu, 13 Feb 2020 05:56:00 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-11348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17035936#comment-17035936 ]

ASF subversion and git services commented on OFBIZ-11348:
---------------------------------------------------------

Commit 483dba49a0f5bbe7456c1ed9002cb10e2794a2cd in ofbiz-plugins's branch refs/heads/release17.12
from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=483dba4 ]

Fixed: Temporarily comment out the "stream" request-map in ecommerce controller
for security reason
(OFBIZ-11348)

A vulnerability has been reported to the OFBiz security team. We were able to
quickly and quietly fix it in supported versions, but in the ecommerce component.
To be able to release the 17.12.01 version with this vulnerability fixed we need
to temporarily comment out the "stream" request-map in ecommerce controller.
We will later fix the specific issue in ecommerce to put back the functionalities
allowed by the "stream" request-map in ecommerce controller.


> Temporarily comment out the "stream" request-map in ecommerce controller for security reason
> --------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-11348
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11348
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ecommerce
>    Affects Versions: Upcoming Branch, Release Branch 17.12, Release Branch 18.12
>            Reporter: Jacques Le Roux
>            Priority: Blocker
>             Fix For: 17.12.01, Upcoming Branch, Release Branch 18.12
>
>
> A vulnerability has been reported to the OFBiz security team. We were able to quickly
> and quietly fix it in supported versions, but in the ecommerce component. To be able to release
> the 17.12.01 version with this vulnerability fixed we need to temporarily comment out the
> "stream" request-map in ecommerce controller. We will later fix the specific issue in ecommerce
> to put back the functionalities allowed by the "stream" request-map in ecommerce controller.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)