[jira] [Commented] (OFBIZ-11349) Put back the "stream" request-map in ecommerce and commonext controllers

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-11349?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17039810#comment-17039810 ]

ASF subversion and git services commented on OFBIZ-11349:
---------------------------------------------------------

Commit fea0078fc30327be42f1a82982c07ae2da7f8357 in ofbiz-framework's branch refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=fea0078 ]

Fixed: Temporarily comment out the "stream" request-map in commonext controller
for security reasons
(OFBIZ-11353)

A vulnerability has been reported to the OFBiz security team. To be able to
release the 17.12.01 version with this vulnerability fixed, we need to require
(maybe only temporarily) the "stream" request-map in the commonext controller
to need authentication.

We will later check that this has no impact and, if necessary, remove the
mandatory authentication, see OFBIZ-11349


> Put back the "stream" request-map in ecommerce and commonext controllers
> -------------------------------------------------------------------------
>
>                 Key: OFBIZ-11349
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11349
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ecommerce
>    Affects Versions: Trunk, Release Branch 17.12, Release Branch 18.12
>            Reporter: Jacques Le Roux
>            Priority: Major
>
> For security reasons, the "stream" request-map
> # in the ecommerce controller has been temporarily commented out.
> # in the commonext controller has been changed to require authentication.
> We will need to
> # put back the functionalities allowed by the "stream" request-map in ecommerce.
> # later check that mandatory authentication in the commonext controller has no impact.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)