[
https://issues.apache.org/jira/browse/OFBIZ-11348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux updated OFBIZ-11348:
------------------------------------
Description: A vulnerability has been reported to the OFBiz security team. To be able to release the 17.12.01 version with this vulnerability fixed we need to temporarily comment out the "stream" request-map in ecommerce controller. We will later fix the specific issue in ecommerce to put back the functionnalities allowed by the "stream" request-map in ecommerce controller. (was: A vulnerability has been reported to the OFBiz security team. We were able to quickly and quietly fix it in supported versions, but in the ecommerce component. To be able to release the 17.12.01 version with this vulnerability fixed we need to temporarily comment out the "stream" request-map in ecommerce controller. We will later fix the specific issue in ecommerce to put back the functionnalities allowed by the "stream" request-map in ecommerce controller.)
> Temporarily comment out the "stream" request-map in ecommerce controller for security reason
> --------------------------------------------------------------------------------------------
>
> Key: OFBIZ-11348
> URL:
https://issues.apache.org/jira/browse/OFBIZ-11348> Project: OFBiz
> Issue Type: Sub-task
> Components: ecommerce
> Affects Versions: Upcoming Branch, Release Branch 17.12, Release Branch 18.12
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Blocker
> Fix For: 17.12.01, Upcoming Branch, Release Branch 18.12
>
>
> A vulnerability has been reported to the OFBiz security team. To be able to release the 17.12.01 version with this vulnerability fixed we need to temporarily comment out the "stream" request-map in ecommerce controller. We will later fix the specific issue in ecommerce to put back the functionnalities allowed by the "stream" request-map in ecommerce controller.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
