svn commit: r1749221 - in /ofbiz/branches/release15.12: ./ .classpath LICENSE build.xml framework/base/lib/shiro-core-1.2.3.jar framework/base/lib/shiro-core-1.2.5.jar

jleroux@apache.org
Author: jleroux
Date: Sun Jun 19 22:30:58 2016
New Revision: 1749221

URL: http://svn.apache.org/viewvc?rev=1749221&view=rev
Log:
"Applied fix from trunk for revision: 1749220  "
------------------------------------------------------------------------
r1749220 | jleroux | 2016-06-20 00:30:06 +0200 (lun. 20 juin 2016) | 5 lignes

Updates Shiro to 1.2.5 (CVE-2016-4437) - https://issues.apache.org/jira/browse/OFBIZ-7373

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

Details at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4437
------------------------------------------------------------------------


Added:
    ofbiz/branches/release15.12/framework/base/lib/shiro-core-1.2.5.jar
      - copied unchanged from r1749220, ofbiz/trunk/framework/base/lib/shiro-core-1.2.5.jar
Removed:
    ofbiz/branches/release15.12/framework/base/lib/shiro-core-1.2.3.jar
Modified:
    ofbiz/branches/release15.12/   (props changed)
    ofbiz/branches/release15.12/.classpath
    ofbiz/branches/release15.12/LICENSE
    ofbiz/branches/release15.12/build.xml

Propchange: ofbiz/branches/release15.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sun Jun 19 22:30:58 2016
@@ -9,4 +9,4 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/trunk:1722712,1723007,1723248,1724402,1724411,1724566,1724689,1724763,1724916,1724918,1724925,1724930,1724940,1724943,1724946,1724951,1724957,1724975,1724978,1725006,1725217,1725257,1725561,1725574,1726388,1726486,1726493,1726828,1727894,1728398,1728411,1729005,1729078,1729609,1729809,1730035,1730456,1730735-1730736,1730747,1730758,1730882,1730889,1731382,1731396,1732454,1732570,1732721,1733951,1733956,1734246,1734269,1734276,1734912,1734918,1735021,1735244,1735385,1735398,1735569,1735731,1735734,1735750,1735753,1735756,1735759,1735773,1736083,1736087,1736272,1736434,1736628,1736851,1736854,1736890,1737156,1737440,1738235,1738303,1738407,1738902,1739438,1739448,1739571,1740008,1740442,1740629,1741146,1741563,1741684,1741925,1741930,1741960,1742018,1742097,1742103,1742712,1742737,1742741,1743025,1743027,1743230,1743411-1743412,1743656,1743937,1744117,1744198,1744396,1744662,1744768,1744773,1744873,1744911,1745111,1745264,1745428,1745438,1745573,1745577,1745592,1745751,1746228,
 1746422,1746459,1746524,1746527,1746536,1746601,1746676,1746714,1746755,1746805,1746832,1746890,1747223,1747349,1747498,1747639,1747642,1747646,1747650,1747661,1747956,1747959,1747963,1748121,1748133,1748206,1748218,1748223,1748260,1748357,1748394,1748401,1748543,1748559,1748628,1748689,1748693,1748703,1748837,1748854,1748907,1748925,1748929,1748944,1748972,1749026,1749083,1749092,1749111
+/ofbiz/trunk:1722712,1723007,1723248,1724402,1724411,1724566,1724689,1724763,1724916,1724918,1724925,1724930,1724940,1724943,1724946,1724951,1724957,1724975,1724978,1725006,1725217,1725257,1725561,1725574,1726388,1726486,1726493,1726828,1727894,1728398,1728411,1729005,1729078,1729609,1729809,1730035,1730456,1730735-1730736,1730747,1730758,1730882,1730889,1731382,1731396,1732454,1732570,1732721,1733951,1733956,1734246,1734269,1734276,1734912,1734918,1735021,1735244,1735385,1735398,1735569,1735731,1735734,1735750,1735753,1735756,1735759,1735773,1736083,1736087,1736272,1736434,1736628,1736851,1736854,1736890,1737156,1737440,1738235,1738303,1738407,1738902,1739438,1739448,1739571,1740008,1740442,1740629,1741146,1741563,1741684,1741925,1741930,1741960,1742018,1742097,1742103,1742712,1742737,1742741,1743025,1743027,1743230,1743411-1743412,1743656,1743937,1744117,1744198,1744396,1744662,1744768,1744773,1744873,1744911,1745111,1745264,1745428,1745438,1745573,1745577,1745592,1745751,1746228,
 1746422,1746459,1746524,1746527,1746536,1746601,1746676,1746714,1746755,1746805,1746832,1746890,1747223,1747349,1747498,1747639,1747642,1747646,1747650,1747661,1747956,1747959,1747963,1748121,1748133,1748206,1748218,1748223,1748260,1748357,1748394,1748401,1748543,1748559,1748628,1748689,1748693,1748703,1748837,1748854,1748907,1748925,1748929,1748944,1748972,1749026,1749083,1749092,1749111,1749220

Modified: ofbiz/branches/release15.12/.classpath
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/.classpath?rev=1749221&r1=1749220&r2=1749221&view=diff
==============================================================================
--- ofbiz/branches/release15.12/.classpath (original)
+++ ofbiz/branches/release15.12/.classpath Sun Jun 19 22:30:58 2016
@@ -43,7 +43,7 @@
  <classpathentry kind="lib" path="framework/base/lib/owasp-java-html-sanitizer-r239.jar"/>
  <classpathentry kind="lib" path="framework/base/lib/resolver-2.9.1.jar"/>
  <classpathentry kind="lib" path="framework/base/lib/serializer-2.9.1.jar"/>
- <classpathentry kind="lib" path="framework/base/lib/shiro-core-1.2.3.jar"/>
+ <classpathentry kind="lib" path="framework/base/lib/shiro-core-1.2.5.jar"/>
  <classpathentry kind="lib" path="framework/base/lib/slf4j-api-1.6.4.jar"/>
  <classpathentry kind="lib" path="framework/base/lib/tika-core-1.12.jar"/>
  <classpathentry kind="lib" path="framework/base/lib/tika-parsers-1.12.jar"/>
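
Review bot: the versioned file name on the shiro-core entry is hardcoded here and again in LICENSE and build.xml, so a security bump like this one has to be repeated by hand in three files. Before closing OFBIZ-7373, search the branch for any remaining "shiro-core-1.2.3" string, since the 1.2.3 jar is removed in this commit and a stale reference would no longer resolve. The log ties CVE-2016-4437 to installations where no cipher key is configured for "remember me", and this diff only swaps the jar, so the issue should also record whether OFBiz uses that feature and, if so, whether a key is configured.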

Modified: ofbiz/branches/release15.12/LICENSE
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/LICENSE?rev=1749221&r1=1749220&r2=1749221&view=diff
==============================================================================
--- ofbiz/branches/release15.12/LICENSE (original)
+++ ofbiz/branches/release15.12/LICENSE Sun Jun 19 22:30:58 2016
@@ -42,7 +42,7 @@ framework/base/lib/nekohtml-1.9.16.jar
 framework/base/lib/pdfbox-1.8.12.jar
 framework/base/lib/resolver-2.9.1.jar
 framework/base/lib/serializer-2.9.1.jar
-framework/base/lib/shiro-core-1.2.3.jar
+framework/base/lib/shiro-core-1.2.5.jar
 framework/base/lib/tika-core-1.12.jar
 framework/base/lib/tika-parsers-1.12.jar
 framework/base/lib/ws-commons-java5-1.0.1.jar

Modified: ofbiz/branches/release15.12/build.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/build.xml?rev=1749221&r1=1749220&r2=1749221&view=diff
==============================================================================
--- ofbiz/branches/release15.12/build.xml (original)
+++ ofbiz/branches/release15.12/build.xml Sun Jun 19 22:30:58 2016
@@ -1591,7 +1591,7 @@ under the License.
             <classpath>
                 <path location="framework/base/build/lib/ofbiz-base.jar"/>
                 <path location="framework/base/lib/commons/commons-codec-1.10.jar"/>
-                <path location="framework/base/lib/shiro-core-1.2.3.jar"/>
+                <path location="framework/base/lib/shiro-core-1.2.5.jar"/>
                 <path location="framework/base/lib/slf4j-api-1.6.4.jar"/>
             </classpath>
         </java>
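
Review bot: the shiro-core path in this task classpath embeds the version number, as the neighbouring commons-codec and slf4j-api entries do, so the next upgrade will again need an edit at this spot. Defining the jar name once as a build property and referencing it here would reduce a future CVE fix to a one-line change. The new jar is added as a binary "copied unchanged" from trunk and nothing in the commit records its digest; checking framework/base/lib/shiro-core-1.2.5.jar against the checksum published with the Shiro 1.2.5 release, and noting the result in the issue, would make the backport verifiable.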