ofbiz-user mailing list archives

From Jacopo Cappellato <jacopo.cappell...@hotwaxsystems.com>
Subject Re: Security Related Issues in OFBiz
Date Tue, 19 Dec 2017 15:48:25 GMT
Hi Vivek,

The best way to go is to use a release that is part of a release branch
that is still actively maintained:

https://ofbiz.apache.org/download.html

Security vulnerabilities on active branches should be reported to the OFBiz
security list: security@ofbiz.apache.org

Thank you,

Jacopo


On Tue, Dec 19, 2017 at 6:40 AM, vivek.mi <vmvivek208@gmail.com> wrote:

> Hello All,
>
> A few issues were reported while testing my application using IBM AppScan
> tool, built upon OFBiz framework for Blackbox testing. Issues are listed as
> below:
>
> 1. Unsafe third-party link (target="_blank") in screens and forms.
>
> 2. Query Parameter in SSL Request while sending hidden fields in XML and
> FTL forms.
>
> 3. Body Parameters Accepted in Query
>
> 4. Archive File Download
>
> 5. Cacheable SSL Page Found
>
> Please suggest how I can go ahead to resolve these issues. I am
> using OFBiz version 12.05.
>
> Thanks in advance,
> Vivek Mishra
>
>
>
> -----
> Vivek Mishra
> --
> Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html
>
