[
https://issues.apache.org/jira/browse/OFBIZ-11353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17039809#comment-17039809 ]
ASF subversion and git services commented on OFBIZ-11353:
---------------------------------------------------------
Commit fea0078fc30327be42f1a82982c07ae2da7f8357 in ofbiz-framework's branch refs/heads/release18.12 from Jacques Le Roux
[
https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=fea0078 ]
Fixed: Temporarily comment out the "stream" request-map in commonext controller
for security reason
(OFBIZ-11353)
A vulnerability has been reported to the OFBiz security team. To be able to
release the 17.12.01 version with this vulnerability fixed we need to require
(maybe only temporarily) the "stream" request-map in commonext controller
to need authentication.
We will later check that this has no impact and if necessary remove the
mandatory authentication, see OFBIZ-11349
> Temporarily comment out the "stream" request-map in commonext controller.xml for security reason
> ------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-11353
> URL:
https://issues.apache.org/jira/browse/OFBIZ-11353> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: Upcoming Branch, Release Branch 17.12, Release Branch 18.12
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Blocker
> Fix For: 17.12.01, Upcoming Branch, Release Branch 18.12
>
>
> A vulnerability has been reported to the OFBiz security team. To be able to release the 17.12.01 version with this vulnerability fixed we need to temporarily comment out the "stream" request-map in commonext controller. We will later fix the specific issue to put back the functionnalities allowed by the "stream" request-map in commonext controller.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
