[
https://issues.apache.org/jira/browse/OFBIZ-11353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17039802#comment-17039802 ]
ASF subversion and git services commented on OFBIZ-11353:
---------------------------------------------------------
Commit 72d1995d39ec43c7f65b934c0b1d469caf518679 in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux
[
https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=72d1995 ]
Fixed: Temporarily comment out the "stream" request-map in commonext controller
for security reason
(OFBIZ-11353)
A vulnerability has been reported to the OFBiz security team. To be able to
release the 17.12.01 version with this vulnerability fixed we need to require
(maybe only temporarily) the "stream" request-map in commonext controller
to need authentication.
We will later check that this has no impact and if necessary remove the
mandatory authentication, see OFBIZ-11349
> Temporarily comment out the "stream" request-map in commonext controller.xml for security reason
> ------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-11353
> URL:
https://issues.apache.org/jira/browse/OFBIZ-11353> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: Upcoming Branch, Release Branch 17.12, Release Branch 18.12
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Blocker
> Fix For: 17.12.01, Upcoming Branch, Release Branch 18.12
>
>
> A vulnerability has been reported to the OFBiz security team. To be able to release the 17.12.01 version with this vulnerability fixed we need to temporarily comment out the "stream" request-map in commonext controller. We will later fix the specific issue to put back the functionnalities allowed by the "stream" request-map in commonext controller.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
