[
https://issues.apache.org/jira/browse/OFBIZ-11349?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17036829#comment-17036829 ]
ASF subversion and git services commented on OFBIZ-11349:
---------------------------------------------------------
Commit 9db0d8f2fb2846bf218c55fb6e1e02a8730789bb in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux
[
https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=9db0d8f ]
Fixed: Temporarily comment out the "stream" request-map in ecommerce controller
for security reason
(OFBIZ-11353)
A vulnerability has been reported to the OFBiz security team. To be able to
release the 17.12.01 version with this vulnerability fixed we need to
temporarily comment out the "stream" request-map in commonext controller.
We will later fix the specific issue to put back the functionalities allowed by
the "stream" request-map in this controller, see OFBIZ-11349
> Put back the "stream" request-map in ecommerce and commonext controllers
> -------------------------------------------------------------------------
>
> Key: OFBIZ-11349
> URL:
https://issues.apache.org/jira/browse/OFBIZ-11349> Project: OFBiz
> Issue Type: Bug
> Components: ecommerce
> Affects Versions: Trunk, Release Branch 17.12, Release Branch 18.12
> Reporter: Jacques Le Roux
> Priority: Major
>
> For security reason the "stream" request-map in ecommerce and commonext controllers have been temporarily commented out.
> This issue to fix the specific issue to put back the functionnalities allowed by the "stream" request-map in ecommerce and commonext controller.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
