This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository
https://gitbox.apache.org/repos/asf/ofbiz-plugins.gitThe following commit(s) were added to refs/heads/trunk by this push:
new c004c8f Improved: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11348)
c004c8f is described below
commit c004c8f00bb5ed5f5e16a9c0470cf177e53fe6ff
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Fri Feb 14 10:22:15 2020 +0100
Improved: Temporarily comment out the "stream" request-map in ecommerce
controller for security reason
(OFBIZ-11348)
No functional change, simply amend the comment
---
ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
index 6dc8706..b26a528 100644
--- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
+++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
@@ -1821,10 +1821,11 @@ under the License.
<response name="error" type="view" value="main"/>
</request-map>
-<!-- A vulnerability has been reported to the OFBiz security team. We were able to quickly and quietly fix it in supported versions,
- but in the ecommerce component. To be able to release the 17.12.01 version with this vulnerability fixed we need to temporarily
- comment out the "stream" request-map in ecommerce controller. We will later fix the specific issue in ecommerce to put back the
- functionnalities allowed by the "stream" request-map in ecommerce controller. See OFBIZ-11348 -->
+<!-- A vulnerability has been reported to the OFBiz security team.
+ To be able to release the 17.12.01 version with this vulnerability fixed we need to temporarily
+ comment out the "stream" request-map in this controller. We will later fix the specific issue to put back the
+ functionalities allowed by the "stream" request-map in this controller, see OFBIZ-11353
+ This will be later be put back with OFBIZ-11349 -->
<!-- <request-map uri="stream">
<event type="java" path="org.apache.ofbiz.content.data.DataEvents" invoke="serveObjectData"/>
<response name="success" type="none"/>