svn commit: r1736435 - in /ofbiz/branches/release15.12: ./ .classpath LICENSE framework/base/lib/xstream-1.4.6.jar framework/base/lib/xstream-1.4.9.jar


jleroux@apache.org
Author: jleroux
Date: Thu Mar 24 12:16:14 2016
New Revision: 1736435

URL: http://svn.apache.org/viewvc?rev=1736435&view=rev
Log:
"Applied fix from trunk for revision: 1736434  "
------------------------------------------------------------------------
r1736434 | jleroux | 2016-03-24 13:12:11 +0100 (Thu, 24 Mar 2016) | 7 lines

Fixes "Update XStream lib to prevent XML External Entity (XXE) Processing" - https://issues.apache.org/jira/browse/OFBIZ-6959

The XStream team released the 1.4.9 stable version on March 15, 2016.
This version fixes the XML External Entity (XXE) Processing security issue: https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing
Since OFBiz uses the DomDriver, with Java 6 at least in supported releases, OFBiz does not seem really vulnerable (https://x-stream.github.io/faq.html#Security_XXEVulnerability), but better safe than sorry, notably for non-OOTB uses...


------------------------------------------------------------------------


Added:
    ofbiz/branches/release15.12/framework/base/lib/xstream-1.4.9.jar
      - copied unchanged from r1736434, ofbiz/trunk/framework/base/lib/xstream-1.4.9.jar
Removed:
    ofbiz/branches/release15.12/framework/base/lib/xstream-1.4.6.jar
Modified:
    ofbiz/branches/release15.12/   (props changed)
    ofbiz/branches/release15.12/.classpath
    ofbiz/branches/release15.12/LICENSE

Propchange: ofbiz/branches/release15.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Mar 24 12:16:14 2016
@@ -9,4 +9,4 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/trunk:1722712,1723007,1723248,1724402,1724411,1724566,1724689,1724763,1724916,1724918,1724925,1724930,1724940,1724943,1724946,1724951,1724957,1724975,1724978,1725006,1725217,1725257,1725561,1725574,1726388,1726486,1726493,1726828,1728398,1728411,1729005,1729078,1729609,1729809,1730035,1730456,1730735-1730736,1730747,1730758,1730882,1730889,1731382,1731396,1732454,1732570,1732721,1733951,1733956,1734246,1734269,1734276,1734912,1734918,1735244,1735385,1735398,1735569,1735731,1735734,1735750,1735753,1735756,1735759,1735773,1736083,1736087,1736272
+/ofbiz/trunk:1722712,1723007,1723248,1724402,1724411,1724566,1724689,1724763,1724916,1724918,1724925,1724930,1724940,1724943,1724946,1724951,1724957,1724975,1724978,1725006,1725217,1725257,1725561,1725574,1726388,1726486,1726493,1726828,1728398,1728411,1729005,1729078,1729609,1729809,1730035,1730456,1730735-1730736,1730747,1730758,1730882,1730889,1731382,1731396,1732454,1732570,1732721,1733951,1733956,1734246,1734269,1734276,1734912,1734918,1735244,1735385,1735398,1735569,1735731,1735734,1735750,1735753,1735756,1735759,1735773,1736083,1736087,1736272,1736434

Modified: ofbiz/branches/release15.12/.classpath
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/.classpath?rev=1736435&r1=1736434&r2=1736435&view=diff
==============================================================================
--- ofbiz/branches/release15.12/.classpath (original)
+++ ofbiz/branches/release15.12/.classpath Thu Mar 24 12:16:14 2016
@@ -58,7 +58,6 @@
  <classpathentry kind="lib" path="framework/base/lib/xml-apis-1.4.01.jar"/>
  <classpathentry kind="lib" path="framework/base/lib/xml-apis-ext-1.3.04.jar"/>
  <classpathentry kind="lib" path="framework/base/lib/xpp3-1.1.4c.jar"/>
- <classpathentry kind="lib" path="framework/base/lib/xstream-1.4.6.jar"/>
  <classpathentry kind="lib" path="framework/base/lib/zxing-core-3.2.0.jar"/>
  <classpathentry kind="lib" path="framework/base/lib/ant/ant-1.9.0-ant-apache-bsf.jar"/>
  <classpathentry kind="lib" path="framework/base/lib/commons/commons-beanutils-core-1.8.3.jar"/>
@@ -202,5 +201,6 @@
  <classpathentry kind="lib" path="framework/catalina/lib/tomcat-7.0.68-tomcat-util.jar"/>
  <classpathentry kind="lib" path="framework/catalina/lib/tomcat-extras-7.0.68-tomcat-juli-adapters.jar"/>
  <classpathentry kind="lib" path="framework/catalina/lib/tomcat-extras-7.0.68-tomcat-juli.jar"/>
+ <classpathentry kind="lib" path="framework/base/lib/xstream-1.4.9.jar"/>
  <classpathentry kind="output" path="bin"/>
 </classpath>
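Review bot: the replacement entry for xstream-1.4.9.jar is appended after the framework/catalina/lib tomcat-extras entries, just before the `output` entry, instead of taking the slot the removed xstream-1.4.6.jar line held between xpp3-1.1.4c.jar and zxing-core-3.2.0.jar in the first hunk. Consider moving `<classpathentry kind="lib" path="framework/base/lib/xstream-1.4.9.jar"/>` back into that position so the framework/base/lib entries stay grouped and the next version bump is a one-line diff like the LICENSE change in this same commit.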

Modified: ofbiz/branches/release15.12/LICENSE
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/LICENSE?rev=1736435&r1=1736434&r2=1736435&view=diff
==============================================================================
--- ofbiz/branches/release15.12/LICENSE (original)
+++ ofbiz/branches/release15.12/LICENSE Thu Mar 24 12:16:14 2016
@@ -450,7 +450,7 @@ framework/base/lib/httpunit-1.7.jar
 framework/base/lib/ical4j-1.0-rc2.jar
 framework/base/lib/javolution-5.4.3.jar
 framework/base/lib/xpp3-1.1.4c.jar
-framework/base/lib/xstream-1.4.6.jar
+framework/base/lib/xstream-1.4.9.jar
 framework/base/lib/esapi-2.1.0.jar
 framework/base/lib/scripting/antlr-2.7.6.jar
 framework/base/lib/scripting/asm-3.2.jar
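As an added example, not code from this OFBiz commit or from the XStream project: a small Java probe a practitioner can compile against whichever xstream jar is actually on the classpath to check the DomDriver claim in the commit message above, alongside a hardened variant for code paths that cannot move to 1.4.9 yet. The hardened path parses the XML itself with a DocumentBuilderFactory that rejects any DOCTYPE and disables external entities, then hands XStream the resulting DOM through a DomReader, so XStream never sees the entity declaration. The class name, the `<string>` root element and the `file:///etc/hostname` target (picked as a harmless, world-readable file) are my assumptions for the probe, not anything the commit or OFBiz defines.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.xml.DomDriver;
import com.thoughtworks.xstream.io.xml.DomReader;

/**
 * Added example (not OFBiz or XStream code): probe whether the XStream DomDriver
 * on the classpath expands an external entity, and show a parse path that refuses
 * the DOCTYPE before XStream is involved.
 */
public class XstreamXxeProbe {

    // Constructed probe document (assumption): an external entity pointing at a
    // local file, referenced from an element XStream unmarshals as java.lang.String.
    static final String PROBE =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE string [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n"
      + "<string>&xxe;</string>";

    /** Stock DomDriver, as OFBiz uses it: XStream's own parser sees the DOCTYPE. */
    static String parseWithStockDriver() {
        XStream xs = new XStream(new DomDriver());
        return (String) xs.fromXML(PROBE);
    }

    /**
     * Hardened path: build the DOM with a factory that rejects DOCTYPE declarations
     * and external entities, then let XStream read the already-parsed Document.
     * On the probe above, parse() throws a SAXParseException instead of returning.
     */
    static String parseWithHardenedParser(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder builder = f.newDocumentBuilder();
        Document doc = builder.parse(new InputSource(new StringReader(xml)));
        XStream xs = new XStream(new DomDriver());
        return (String) xs.unmarshal(new DomReader(doc));
    }

    public static void main(String[] args) {
        // 1. Stock driver: a non-empty result that looks like a hostname means the
        //    entity was resolved and the file contents leaked into the object graph.
        try {
            String value = parseWithStockDriver();
            if (value != null && !value.trim().isEmpty()) {
                System.out.println("stock DomDriver EXPANDED the external entity: '" + value.trim() + "'");
            } else {
                System.out.println("stock DomDriver returned an empty string (entity not resolved)");
            }
        } catch (Exception e) {
            System.out.println("stock DomDriver refused the document: " + e);
        }

        // 2. Hardened path: expected to fail fast on the DOCTYPE, never reaching XStream.
        try {
            String value = parseWithHardenedParser(PROBE);
            System.out.println("hardened parser unexpectedly returned: '" + value + "'");
        } catch (Exception e) {
            System.out.println("hardened parser rejected the document: " + e.getMessage());
        }

        // 3. The hardened path still handles ordinary, DOCTYPE-free documents.
        try {
            System.out.println("plain document: '" + parseWithHardenedParser("<string>hello</string>") + "'");
        } catch (Exception e) {
            System.out.println("unexpected failure on plain document: " + e);
        }
    }
}
```

Run it once with xstream-1.4.6.jar and once with xstream-1.4.9.jar on the classpath, on the JRE the deployment really uses; the first line of output is the evidence for or against the "seems not really vulnerable" wording, since whether the entity is resolved depends on the JAXP implementation the DomDriver picks up, not only on the XStream version. The disallow-doctype-decl feature is the strongest of the three settings and is the one to keep even if a custom parser ever needs internal entities re-enabled.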