[
https://issues.apache.org/jira/browse/OFBIZ-11353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux updated OFBIZ-11353:
------------------------------------
Summary: For security reason require authenticationfor the "stream" request-map in commonext controller.xml (was: Temporarily comment out the "stream" request-map in commonext controller.xml for security reason)
> For security reason require authenticationfor the "stream" request-map in commonext controller.xml
> ---------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-11353
> URL:
https://issues.apache.org/jira/browse/OFBIZ-11353> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: Upcoming Branch, Release Branch 17.12, Release Branch 18.12
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Blocker
> Fix For: 17.12.01, Upcoming Branch, Release Branch 18.12
>
>
> A vulnerability has been reported to the OFBiz security team. To be able to release the 17.12.01 version with this vulnerability fixed we need to temporarily comment out the "stream" request-map in commonext controller. We will later fix the specific issue to put back the functionnalities allowed by the "stream" request-map in commonext controller.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
