Thanks Deepak,
And please Joseph Francois, your message has been moderated, else it would not have reach this Mailing List.
Please subscribe to the user ML for such questions and then use your email client.
See why here
http://ofbiz.apache.org/mailing-lists.html.
You will get a better support, people can answer you on the ML.
The wider the audience the better the answers you might get.
Also it's more work for moderators who have to accept your messages as long as you have not subscribed.
I'll personally no longer accept them and this is really the last time(other moderators still could).
Thanks
Jacques
Le 04/05/2020 à 11:53, Deepak Dixit a écrit :
> Hi Joseph Francois,
>
> Please check the security.properties file and add your host
> in host-headers-allowed property.
> Please refer [1] for more detail.
>
>
> [1]
https://issues.apache.org/jira/browse/OFBIZ-11583>
>
> Thanks & Regards
> --
> Deepak Dixit
> ofbiz.apache.org
>
>
> On Mon, May 4, 2020 at 3:19 PM Joseph Francois <
[hidden email]>
> wrote:
>
>> Hello Jacques,
>>
>> I installed 17.12.03 from scratch and I still get "
>>
>> : Domain x.x.x.x not accepted to prevent host header injection"
>>
>> What am I doing wrong?
>>
>> I have version 16 working.
>>
>> Regards,
>> Joseph
>> On 2020/04/30 12:11:13, Jacques Le Roux <
[hidden email]>
>> wrote:
>>> Severity:
>>> Important
>>>
>>> Vendor:
>>> The Apache Software Foundation
>>>
>>> Versions Affected:
>>> OFBiz 17.12.01
>>>
>>> Description:
>>> Apache OFBiz is vulnerable to Host header injection by accepting
>> arbitrary hosts
>>> Mitigation:
>>> Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583
>>> ----
>>>
>>> Credit:
>>> Pradeep Jairamani <
[hidden email]>
>>>
>>> References:
>>>
https://ofbiz.apache.org/security.html>>>
>>>
Locked
