[
https://issues.apache.org/jira/browse/OFBIZ-11348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17036835#comment-17036835 ]
ASF subversion and git services commented on OFBIZ-11348:
---------------------------------------------------------
Commit 6e7f6a44954630bd4d204e736629adbb84996e49 in ofbiz-plugins's branch refs/heads/release17.12 from Jacques Le Roux
[
https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=6e7f6a4 ]
Improved: Temporarily comment out the "stream" request-map in ecommerce
controller for security reason
(OFBIZ-11348)
No functional change, simply amend the comment
> Temporarily comment out the "stream" request-map in ecommerce controller for security reason
> --------------------------------------------------------------------------------------------
>
> Key: OFBIZ-11348
> URL:
https://issues.apache.org/jira/browse/OFBIZ-11348> Project: OFBiz
> Issue Type: Sub-task
> Components: ecommerce
> Affects Versions: Upcoming Branch, Release Branch 17.12, Release Branch 18.12
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Blocker
> Fix For: 17.12.01, Upcoming Branch, Release Branch 18.12
>
>
> A vulnerability has been reported to the OFBiz security team. To be able to release the 17.12.01 version with this vulnerability fixed we need to temporarily comment out the "stream" request-map in ecommerce controller. We will later fix the specific issue in ecommerce to put back the functionnalities allowed by the "stream" request-map in ecommerce controller.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
