[ https://issues.apache.org/jira/browse/OFBIZ-11349?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17039803#comment-17039803 ]
ASF subversion and git services commented on OFBIZ-11349:
---------------------------------------------------------
Commit 72d1995d39ec43c7f65b934c0b1d469caf518679 in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=72d1995 ]
Fixed: Temporarily comment out the "stream" request-map in commonext controller
for security reasons
(OFBIZ-11353)
A vulnerability has been reported to the OFBiz security team. To be able to
release the 17.12.01 version with this vulnerability fixed we need to require
(maybe only temporarily) the "stream" request-map in commonext controller
to need authentication.
We will later check that this has no impact and if necessary remove the
mandatory authentication, see OFBIZ-11349
> Put back the "stream" request-map in ecommerce and commonext controllers
> -------------------------------------------------------------------------
>
> Key: OFBIZ-11349
> URL: https://issues.apache.org/jira/browse/OFBIZ-11349
> Project: OFBiz
> Issue Type: Bug
> Components: ecommerce
> Affects Versions: Trunk, Release Branch 17.12, Release Branch 18.12
> Reporter: Jacques Le Roux
> Priority: Major
>
> For security reasons the "stream" request-map in ecommerce and commonext controllers has been temporarily commented out.
> This issue is to fix the specific issue and put back the functionalities allowed by the "stream" request-map in ecommerce and commonext controllers.