To: "user@ofbiz.apache.org"
From: Jacques Le Roux
Subject: OFBiz security
Organization: Les Arts Informatiques
Message-ID: <565D3E67.7080506@les7arts.com>
Date: Tue, 1 Dec 2015 07:29:59 +0100

Hi,

I have created this WIP wiki page to share my knowledge about OFBiz security and especially to warn users about the current Java unserialize vulnerability.
Be sure to read at least the "Be safe" warning.

https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure

HTH

Jacques