Hi Vivek,
the best way to go is to use a release that is part of a release branch
that is still actively maintained:
https://ofbiz.apache.org/download.htmlSecurity vulnerabilities on active branches should be reported to the OFBiz
security list:
[hidden email]
Thank you,
Jacopo
On Tue, Dec 19, 2017 at 6:40 AM, vivek.mi <
[hidden email]> wrote:
> Hello All,
>
> A few issues were reported while testing my application using IBM AppScan
> tool, built upon OFBiz framework for Blackbox testing. Issues are listed as
> below:
>
> 1. Unsafe third-party link (target="_blank") in screens and forms.
>
> 2. Query Parameter in SSL Request while sending hidden fields in XML and
> FTL
> forms.
>
> 3. Body Parameters Accepted in Query
>
> 4. Archive File Download
>
> 5. Cacheable SSL Page Found
>
> Please suggest something how can i go ahead to resolve these issues. I am
> using OFBiz version 12.05.
>
> Thanks in advance,
> Vivek Mishra
>
>
>
> -----
> Vivek Mishra
> --
> Sent from:
http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html>