Hi,
I have created
https://issues.apache.org/jira/browse/OFBIZ-12196 for that
As I said there, without answers in a week I'll do so...
Jacques
Le 12/03/2021 à 09:19, Jacques Le Roux a écrit :
> Hi,
>
> After fixing this issue, I believe we should use Freemarker 2.3.31 in all supported branches because of possible (low but who knows...) security
> issues fixed since 2.3.30
>
> What do you think?
>
> Jacques
>
> Le 12/03/2021 à 09:01, ASF subversion and git services (Jira) a écrit :
>> [
>>
https://issues.apache.org/jira/browse/OFBIZ-12195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17300124#comment-17300124
>> ]
>>
>> ASF subversion and git services commented on OFBIZ-12195:
>> ---------------------------------------------------------
>>
>> Commit 9dd2a255e95c10588004e4fdfb794ab23d173103 in ofbiz-framework's branch refs/heads/release17.12 from Jacques Le Roux
>> [
https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=9dd2a25 ]
>>
>> Fixed: webtools/control/threadList no longer works on trunk (only) (OFBIZ-12195)
>>
>> It works if we downgrade Freemarker to 2.3.28 as in R18 and even using 2.3.29,
>> not 2.3.30.
>>
>> Handles things at the Groovy level, ie put in context, rather than creating
>> in Freemarker template.
>>
>> It's backported, even if it's not a pb but in trunk, because it's a (low)
>> security issue.
>>
>>
>>> webtools/control/threadList no longer works on trunk (only)
>>> -----------------------------------------------------------
>>>
>>> Key: OFBIZ-12195
>>> URL:
https://issues.apache.org/jira/browse/OFBIZ-12195>>> Project: OFBiz
>>> Issue Type: Sub-task
>>> Components: framework/webtools
>>> Affects Versions: Trunk
>>> Reporter: Jacques Le Roux
>>> Assignee: Jacques Le Roux
>>> Priority: Major
>>> Fix For: Upcoming Branch
>>>
>>>
>>> This can be currently tested at
https://demo-trunk.ofbiz.apache.org/webtools/control/threadList>>> R18 and R17 are OK
>>
>>
>> --
>> This message was sent by Atlassian Jira
>> (v8.3.4#803005)
>
Locked
