[ofbiz-plugins] branch release17.12 updated: Improved: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11348)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[ofbiz-plugins] branch release17.12 updated: Improved: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11348)

jleroux@apache.org
This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git


The following commit(s) were added to refs/heads/release17.12 by this push:
     new 6e7f6a4  Improved: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11348)
6e7f6a4 is described below

commit 6e7f6a44954630bd4d204e736629adbb84996e49
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Fri Feb 14 10:22:15 2020 +0100

    Improved: Temporarily comment out the "stream" request-map in ecommerce
    controller for security reason
    (OFBIZ-11348)
   
    No functional change, simply amend the comment
---
 ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
index 3afb377..c09031e 100644
--- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
+++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
@@ -1834,10 +1834,11 @@ under the License.
         <response name="error" type="view" value="main"/>
     </request-map>
 
-<!--  A vulnerability has been reported to the OFBiz security team. We were able to quickly and quietly fix it in supported versions,
-      but in the ecommerce component. To be able to release the 17.12.01 version with this vulnerability fixed we need to temporarily
-      comment out the "stream" request-map in ecommerce controller. We will later fix the specific issue in ecommerce to put back the
-      functionnalities allowed by the "stream" request-map in ecommerce controller.  See OFBIZ-11348 -->
+<!--  A vulnerability has been reported to the OFBiz security team.
+      To be able to release the 17.12.01 version with this vulnerability fixed we need to temporarily
+      comment out the "stream" request-map in this controller. We will later fix the specific issue to put back the
+      functionalities allowed by the "stream" request-map in this controller, see OFBIZ-11353
+      This will be later be put back with OFBIZ-11349 -->
 <!--     <request-map uri="stream">
         <event type="java" path="org.apache.ofbiz.content.data.DataEvents" invoke="serveObjectData"/>
         <response name="success" type="none"/>