Author: deepak
Date: Thu Apr 12 18:19:47 2018
New Revision: 1828996

URL: http://svn.apache.org/viewvc?rev=1828996&view=rev
Log:
Moved security vulnerabilities section from downloads page to new security.html page

Added:
    ofbiz/site/security.html   (with props)
    ofbiz/site/template/page/security.tpl.php
      - copied, changed from r1828994, ofbiz/site/template/page/download.tpl.php
Modified:
    ofbiz/site/download.html
    ofbiz/site/template/page/download.tpl.php

Modified: ofbiz/site/download.html
URL: http://svn.apache.org/viewvc/ofbiz/site/download.html?rev=1828996&r1=1828995&r2=1828996&view=diff
==============================================================================
--- ofbiz/site/download.html (original) +++ ofbiz/site/download.html Thu Apr 12 18:19:47 2018 
@@ -165,28 +165,7 @@ <div class="divider"><span></span></div> <p>Older superseded releases of Apache OFBiz can be found in the <a href="//archive.apache.org/dist/ofbiz/" target="external">Apache OFBiz archive</a></p> <p><strong>NOTE: To avoid any security vulnerabilities the Apache OFBiz community highly recommend that all users upgrade to the latest stable release.</strong></p> - <p> A descriptions of each release in the history of OFBiz can be <a href="//www.apache.org/dist/ofbiz/" target="external">found here</a></p> - <h2><a id="security"></a>Security Vulnerabilities</h2> - <div class="divider"><span></span></div> - <p> <strong> We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either [hidden email] or [hidden email]), before disclosing them in a public forum.</strong></p> -<p>Please see the <a href="https://www.apache.org/security" target="external">ASF Security Team webpage</a> for further information about reporting a security vulnerability as well as their contact information. 
</p> - - <h3>List of Known Vulnerabilities</h3> - <ul class="iconsList"> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15714" target="external">CVE-2017-15714</a>; affected releases: from 16.11.01 to 16.11.03; fixed in 16.11.04 with revision <a href="//svn.apache.org/viewvc?view=revision&revision=1818482" target="external">1759065</a></li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6800" target="external">CVE-2016-6800</a>; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01 with revisions <a href="//svn.apache.org/viewvc?view=revision&revision=1759065" target="external">1759065</a> and <a href="//svn.apache.org/viewvc?view=revision&revision=1759218" target="external"> 1759218</a></li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4462" target="external">CVE-2016-4462</a>; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01 with revisions <a href="//svn.apache.org/viewvc?view=revision&revision=1761978" target="external">1761978</a>, <a href="//svn.apache.org/viewvc?view=revision&revision=1761986" target="external">1761986</a> and <a href="//svn.apache.org/viewvc?view=revision&revision=1761987" target="external"> 1761987</a></li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2170" target="external">CVE-2016-2170</a>; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3268" target="external">CVE-2015-3268</a>; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0232" target="external">CVE-2014-0232</a>; affected releases: 
12.04.03 and earlier versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04 and 11.04.05</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2250" target="external">CVE-2013-2250</a>; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2137" target="external">CVE-2013-2137</a>; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0177" target="external">CVE-2013-0177</a>; affected releases: 11.04.01, 10.04.04 and earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3506" target="external">CVE-2012-3506</a>; affected releases: 10.04.02, 10.04 (10.04.01); fixed in 10.04.03</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1622" target="external">CVE-2012-1622</a>; affected releases: 10.04 (10.04.01); fixed in 10.04.02</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1621" target="external">CVE-2012-1621</a>; affected releases: 10.04 (10.04.01); fixed in 10.04.02</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0432" target="external">CVE-2010-0432</a>; affected releases: 09.04; fixed in 09.04.01</li> - </ul> + <p> A descriptions of each release in the history of OFBiz can be <a href="//www.apache.org/dist/ofbiz/" target="external">found here</a></p> </div> </div> </div> Added: ofbiz/site/security.html URL: http://svn.apache.org/viewvc/ofbiz/site/security.html?rev=1828996&view=auto 
============================================================================== --- ofbiz/site/security.html (added) +++ ofbiz/site/security.html Thu Apr 12 18:19:47 2018 
@@ -0,0 +1,236 @@ +<!DOCTYPE html> +<html lang="en"> +<!--[if lt IE 7 ]><html class="ie ie6" lang="en"> <![endif]--> +<!--[if IE 7 ]><html class="ie ie7" lang="en"> <![endif]--> +<!--[if IE 8 ]><html class="ie ie8" lang="en"> <![endif]--> +<!--[if (gte IE 9)|!(IE)]><!--> +<head> +<meta charset="utf-8"> +<title>The Apache OFBiz® Project - Security</title> +<meta name="Description" content="OFBiz is an open source enterprise automation software project licensed under the Apache License. It means you are not alone and can work with many others." /> +<meta name="Robots" content="index,follow" /> +<!-- Mobile Specific Metas + ================================================== --> +<meta name="viewport" content="width=device-width, initial-scale=1.0"> +<!-- CSS + ================================================== --> +<!-- Bootstrap --> +<link type="text/css" rel="stylesheet" href="bootstrap/css/bootstrap.min.css"> +<!-- web font --> +<link href="//fonts.googleapis.com/css?family=Open+Sans:400,300,800" rel="stylesheet" type="text/css"> +<!-- plugin css --> +<link rel="stylesheet" type="text/css" href="js/plugins/pretty-photo/css/prettyPhoto.css" /> +<link rel="stylesheet" type="text/css" href="js/plugins/rs-plugin/css/settings.css" media="screen" /> +<link type="text/css" rel="stylesheet" href="js/plugins/hoverdir/css/style.css"> +<!-- icon fonts --> +<link type="text/css" rel="stylesheet" href="font-icons/custom-icons/css/custom-icons.css"> +<link type="text/css" rel="stylesheet" href="font-icons/custom-icons/css/custom-icons-ie7.css"> +<!-- Custom css --> +<link type="text/css" rel="stylesheet" href="css/layout.css"> +<link type="text/css" id="colors" rel="stylesheet" href="css/colors.css"> +<!--[if lt IE 9]><script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script><![endif]--> +<!--[if gte IE 9]><style type="text/css">.iconBig, .active, .hover a , .Shover a { filter: none !important; } </style> <![endif]--> +<script src="js/modernizr-2.6.1.min.js"></script> 
+<!-- Favicons + ================================================== --> +<link rel="shortcut icon" href="images/favicon.ico"> +<link rel="apple-touch-icon" href="images/apple-icon.png"> +<link rel="apple-touch-icon" sizes="72x72" href="images/apple-icon-72x72.png"> +<link rel="apple-touch-icon" sizes="114x114" href="images/apple-icon-114x114.png"> +<link rel="apple-touch-icon" sizes="144x144" href="images/apple-icon-144x144.png"> +</head> +<body> +<!-- header --> +<header id="mainHeader" class="clearfix"> + <div class="navbar navbar-fixed-top"> + <div class="navbar-inner"> + <div class="container"> <a href="index.html" class="brand"><img src="images/ofbiz_logo.png" alt="Apache OFBiz Logo"/></a> + <nav id="mainMenu" class="clearfix"> + <ul> + <li><a href="index.html" class="firstLevel">Home</a></li> + <li><a href="#" class="firstLevel">Getting Started</a> + <ul> + <li><a href="developers.html" class="">Developers</a></li> + <li><a href="business-users.html" class="last">Business Users</a></li> + </ul> + </li> + <li><a href="#" class="firstLevel">News</a> + <ul> + <li><a href="//twitter.com/apacheofbiz" target="external">Twitter</a></li> + <li><a href="//blogs.apache.org/ofbiz/" target="external" class="last">Blog</a></li> + </ul> + </li> + <li><a href="#" class="firstLevel">Documentation</a> + <ul> + <li><a href="//cwiki.apache.org/confluence/display/OFBIZ/Documentation#Documentation-End-UserDocumentation" target="external" class="">User Documentation</a></li> + <li><a href="//cwiki.apache.org/confluence/display/OFBIZ/Technical+Documentation" target="external" class="">Technical Documentation</a></li> + <li><a href="//cwiki.apache.org/confluence/display/OFBIZ/Home" target="external" class="">Wiki</a></li> + <li><a href="//ci.apache.org/projects/ofbiz/site/javadocs/" target="external" class="last">API Reference</a></li> + </ul> + </li> + <li><a href="#" class="firstLevel">Community</a> + <ul> + <li><a href="getting-involved.html">Getting Involved</a></li> + <li><a 
href="mailing-lists.html">Mailing Lists</a></li> + <li><a href="source-repositories.html">Source Repository</a></li> + <li><a href="download.html">Downloads</a></li> + <li><a href="//issues.apache.org/jira/browse/OFBIZ/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel" target="external" >Issue Tracker</a></li> + <li><a href="faqs.html" class="last">FAQ</a></li> + </ul> + </li> + <li><a href="ofbiz-demos.html" class="firstLevel">Demos</a></li> + <li> + <a href="//twitter.com/ApacheOfbiz" class="icon-twitter-bird socialIcon tips" + target="external" title="follow us on Twitter"><span>twitter</span></a> + </li> + <li><a href="//www.youtube.com/user/ofbiz" class="icon-play socialIcon tips" title="follow us on Youtube"><span>Youtube</span></a></li> + <li><a href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal" class="icon-facebook socialIcon tips" title="follow us on Facebook"><span>facebook</span></a></li> + <!--<li><a href="#" class="icon-rss socialIcon tips" title="Our rss feed"><span>rss feed</span></a></li> + <li><a href="#" class="icon-gplus socialIcon tips" title="follow us on Google +"><span>google +</span></a></li> + <li><a href="#" class="icon-instagram socialIcon tips" title="follow us on Instagram"><span>instagram</span></a></li> + <li><a href="#" class="icon-linkedin socialIcon tips" title="follow us on Linkedin"><span>linkedin</span></a></li> + <li><a href="#" class="icon-pinterest-circled socialIcon tips" title="follow us on Pinterest"><span>Pinterest</span></a></li>--> + </ul> + </nav> + </div> + </div> + </div> +</header> +<!-- header --> +<!-- globalWrapper --> +<div id="globalWrapper"> + +<!-- content --> + <!-- page content --> + <section id="content" class="sidebar"> + <header class="headerPage"> + <div class="container clearfix"> + <div class="row"> + <h1 class="span8">Security</h1> + <div class="span4" id="navTrail"> <a href="index.html" class="homeLink">home</a><span>/</span><a 
href="#">Community</a><span>/</span> <span class="current">Security</span> </div> + </div> + </div> + </header> + <div class="slice clearfix"> + <div class="container"> + <div class="row"> + <h2><a id="security"></a>Security Vulnerabilities</h2> + <div class="divider"><span></span></div> + <p> <strong> We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either [hidden email] or [hidden email]), before disclosing them in a public forum.</strong></p> + <p>Please see the <a href="https://www.apache.org/security" target="external">ASF Security Team webpage</a> for further information about reporting a security vulnerability as well as their contact information. </p> + + <h3>List of Known Vulnerabilities</h3> + <ul class="iconsList"> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15714" target="external">CVE-2017-15714</a>; affected releases: from 16.11.01 to 16.11.03; fixed in 16.11.04 with revision <a href="//svn.apache.org/viewvc?view=revision&revision=1818482" target="external">1759065</a></li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6800" target="external">CVE-2016-6800</a>; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01 with revisions <a href="//svn.apache.org/viewvc?view=revision&revision=1759065" target="external">1759065</a> and <a href="//svn.apache.org/viewvc?view=revision&revision=1759218" target="external"> 1759218</a></li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4462" target="external">CVE-2016-4462</a>; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01 with revisions <a href="//svn.apache.org/viewvc?view=revision&revision=1761978" target="external">1761978</a>, <a href="//svn.apache.org/viewvc?view=revision&revision=1761986" target="external">1761986</a> and <a 
href="//svn.apache.org/viewvc?view=revision&revision=1761987" target="external"> 1761987</a></li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2170" target="external">CVE-2016-2170</a>; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3268" target="external">CVE-2015-3268</a>; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0232" target="external">CVE-2014-0232</a>; affected releases: 12.04.03 and earlier versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04 and 11.04.05</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2250" target="external">CVE-2013-2250</a>; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2137" target="external">CVE-2013-2137</a>; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0177" target="external">CVE-2013-0177</a>; affected releases: 11.04.01, 10.04.04 and earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3506" target="external">CVE-2012-3506</a>; affected releases: 10.04.02, 10.04 (10.04.01); fixed in 10.04.03</li> + <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1622" target="external">CVE-2012-1622</a>; affected releases: 10.04 (10.04.01); fixed in 10.04.02</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1621" target="external">CVE-2012-1621</a>; affected releases: 10.04 (10.04.01); fixed in 10.04.02</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0432" target="external">CVE-2010-0432</a>; affected releases: 09.04; fixed in 09.04.01</li> + </ul> + </div> + </div> + </div> + </section> + +<!-- content --> +<!-- footer --> +<footer class="footer1"> + <div class="container" id="footer"> + <div class="row"> + <div class="span6 timelineWidget"> + <h2>Latest tweets</h2> + <!--div class="divider"><span></span></div> + <ul class="socialNetwork nav"> + <li> + <a href="//twitter.com/ApacheOfbiz" class="icon-twitter-bird socialIcon tips" + target="external" title="follow us on Twitter"><span>twitter</span></a> + </li> + <li><a href="//www.youtube.com/user/ofbiz" class="icon-play socialIcon tips" title="follow us on Youtube"><span>Youtube</span></a></li> + <li><a href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal" class="icon-facebook socialIcon tips" title="follow us on Facebook"><span>facebook</span></a></li> + <!--<li><a href="#" class="icon-rss socialIcon tips" title="Our rss feed"><span>rss feed</span></a></li> + <li><a href="#" class="icon-gplus socialIcon tips" title="follow us on Google +"><span>google +</span></a></li> + <li><a href="#" class="icon-instagram socialIcon tips" title="follow us on Instagram"><span>instagram</span></a></li> + <li><a href="#" class="icon-linkedin socialIcon tips" title="follow us on Linkedin"><span>linkedin</span></a></li> + <li><a href="#" class="icon-pinterest-circled socialIcon tips" title="follow us on Pinterest"><span>Pinterest</span></a></li>--> + </ul--> + <div id="twitterFrame"> <a class="twitter-timeline" 
href="//twitter.com/ApacheOfbiz?height=250" data-widget-id="588661945194192896" data-tweet-limit="2" data-theme="dark" data-chrome="nofooter noheader transparent" >Tweets by @ApacheOfbiz</a> + <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+"://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> + </div> + </div> + <div class="span3 contactWidget"> + <h2>Contact Community</h2> + <div class="divider"><span></span></div> + <ul> + <li><a href="mailing-lists.html">Mailing Lists</a></li> + <li><a href="source-repositories.html">Source Repository (SVN)</a></li> + <li><a href="//issues.apache.org/jira/browse/OFBIZ" target="external">Issue Tracker (Jira)</a></li> + <li><a href="//www.youtube.com/user/ofbiz" target="external">OFBiz Youtube Channel</a></li> + <li><a href="//vimeo.com/channels/apacheofbiz" target="external">OFBiz Vimeo Channel</a></li> + <li><a href="//www.hipchat.com/gGlwdXZZl" target="external">OFBiz HipChat Room</a></li> + </ul> + </div> + <div class="span3 sociallWidget"> + <h2>ASF Information</h2> + <div class="divider"><span></span></div> + <ul> + <li><a href="https://www.apache.org/foundation/" target="external">Apache Software Foundation</a></li> + <li><a href="https://www.apache.org/events/current-event" target="external">Events</a></li> + <li><a href="https://www.apache.org/foundation/sponsorship.html" target="external">Sponsorship</a></li> + <li><a href="https://www.apache.org/foundation/thanks.html" target="external">Thanks</a></li> + <li><a href="download.html#security">Security</a></li> + </ul> + </div> + </div> + </div> +</footer> +<footer class="footer2" id="footerRights"> + <div class="container"> + <div class="row"> + <div class="span12"> + <p> + Copyright © 2018 The Apache Software Foundation. 
+ <a href="https://www.apache.org/licenses/" target="external">Licensed under the Apache License, Version 2.0</a>.<br/> + Apache OFBiz, OFBiz, the project logo and the Apache feather logo are trademarks of <a href="https://www.apache.org/" target="external">The Apache Software Foundation.</a> + </p> + </div> + </div> + </div> +</footer> +<!-- footer --> +</div> +<!-- globalWrapper --> +<script type="text/javascript" src="js/plugins/respond/respond.min.js"></script> +<script type="text/javascript" src="js/jquery-1.8.2.min.js"></script> +<script type="text/javascript" src="js/plugins/jquery-ui/jquery-ui-1.8.23.custom.min.js"></script> +<!-- third party plugins --> +<script type="text/javascript" src="bootstrap/js/bootstrap.js"></script> +<script type="text/javascript" src="bootstrap/js/bootstrap-carousel.js"></script> +<script type="text/javascript" src="js/plugins/easing/jquery.easing.1.3.js"></script> +<script type="text/javascript" src="js/plugins/pretty-photo/js/jquery.prettyPhoto.js"></script> +<script type="text/javascript" src="js/plugins/hoverdir/jquery.hoverdir.js"></script> +<!-- jQuery KenBurn Slider --> +<script type="text/javascript" src="js/plugins/rs-plugin/js/jquery.themepunch.plugins.min.js"></script> +<script type="text/javascript" src="js/plugins/rs-plugin/js/jquery.themepunch.revolution.min.js"></script> +<!-- Custom --> +<script type="text/javascript" src="js/custom.js"></script> +<script type="text/javascript"> + var _gaq = _gaq || []; + _gaq.push(['_setAccount', UA]); + _gaq.push(['_trackPageview']); + + (function() { + var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; + ga.src = ('https:' == document.location.protocol ? 
'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; + var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); + })(); +</script> +</body> +</html> Propchange: ofbiz/site/security.html ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/site/security.html ------------------------------------------------------------------------------ svn:keywords = Date Rev Author URL Id Propchange: ofbiz/site/security.html ------------------------------------------------------------------------------ svn:mime-type = text/html Modified: ofbiz/site/template/page/download.tpl.php URL: http://svn.apache.org/viewvc/ofbiz/site/template/page/download.tpl.php?rev=1828996&r1=1828995&r2=1828996&view=diff ============================================================================== --- ofbiz/site/template/page/download.tpl.php (original) +++ ofbiz/site/template/page/download.tpl.php Thu Apr 12 18:19:47 2018 
@@ -67,28 +67,7 @@ <div class="divider"><span></span></div> <p>Older superseded releases of Apache OFBiz can be found in the <a href="//archive.apache.org/dist/ofbiz/" target="external">Apache OFBiz archive</a></p> <p><strong>NOTE: To avoid any security vulnerabilities the Apache OFBiz community highly recommend that all users upgrade to the latest stable release.</strong></p> - <p> A descriptions of each release in the history of OFBiz can be <a href="//www.apache.org/dist/ofbiz/" target="external">found here</a></p> - <h2><a id="security"></a>Security Vulnerabilities</h2> - <div class="divider"><span></span></div> - <p> <strong> We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either [hidden email] or [hidden email]), before disclosing them in a public forum.</strong></p> -<p>Please see the <a href="https://www.apache.org/security" target="external">ASF Security Team webpage</a> for further information about reporting a security vulnerability as well as their contact information. 
</p> - - <h3>List of Known Vulnerabilities</h3> - <ul class="iconsList"> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15714" target="external">CVE-2017-15714</a>; affected releases: from 16.11.01 to 16.11.03; fixed in 16.11.04 with revision <a href="//svn.apache.org/viewvc?view=revision&revision=1818482" target="external">1759065</a></li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6800" target="external">CVE-2016-6800</a>; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01 with revisions <a href="//svn.apache.org/viewvc?view=revision&revision=1759065" target="external">1759065</a> and <a href="//svn.apache.org/viewvc?view=revision&revision=1759218" target="external"> 1759218</a></li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4462" target="external">CVE-2016-4462</a>; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01 with revisions <a href="//svn.apache.org/viewvc?view=revision&revision=1761978" target="external">1761978</a>, <a href="//svn.apache.org/viewvc?view=revision&revision=1761986" target="external">1761986</a> and <a href="//svn.apache.org/viewvc?view=revision&revision=1761987" target="external"> 1761987</a></li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2170" target="external">CVE-2016-2170</a>; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3268" target="external">CVE-2015-3268</a>; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0232" target="external">CVE-2014-0232</a>; affected releases: 
12.04.03 and earlier versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04 and 11.04.05</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2250" target="external">CVE-2013-2250</a>; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2137" target="external">CVE-2013-2137</a>; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0177" target="external">CVE-2013-0177</a>; affected releases: 11.04.01, 10.04.04 and earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3506" target="external">CVE-2012-3506</a>; affected releases: 10.04.02, 10.04 (10.04.01); fixed in 10.04.03</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1622" target="external">CVE-2012-1622</a>; affected releases: 10.04 (10.04.01); fixed in 10.04.02</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1621" target="external">CVE-2012-1621</a>; affected releases: 10.04 (10.04.01); fixed in 10.04.02</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0432" target="external">CVE-2010-0432</a>; affected releases: 09.04; fixed in 09.04.01</li> - </ul> + <p> A descriptions of each release in the history of OFBiz can be <a href="//www.apache.org/dist/ofbiz/" target="external">found here</a></p> </div> </div> </div> Copied: ofbiz/site/template/page/security.tpl.php (from r1828994, ofbiz/site/template/page/download.tpl.php) URL: 
http://svn.apache.org/viewvc/ofbiz/site/template/page/security.tpl.php?p2=ofbiz/site/template/page/security.tpl.php&p1=ofbiz/site/template/page/download.tpl.php&r1=1828994&r2=1828996&rev=1828996&view=diff ============================================================================== --- ofbiz/site/template/page/download.tpl.php (original) +++ ofbiz/site/template/page/security.tpl.php Thu Apr 12 18:19:47 2018 @@ -1,5 +1,5 @@ <?php //Variable declarations for region templates - $head_title = '<title>The Apache OFBiz® Project - Downloads</title>'; + $head_title = '<title>The Apache OFBiz® Project - Security</title>'; ?> <!-- content --> 
@@ -8,89 +8,36 @@ <header class="headerPage"> <div class="container clearfix"> <div class="row"> - <h1 class="span8">Downloads</h1> - <div class="span4" id="navTrail"> <a href="index.html" class="homeLink">home</a><span>/</span><a href="#">Community</a><span>/</span> <span class="current">Downloads</span> </div> + <h1 class="span8">Security</h1> + <div class="span4" id="navTrail"> <a href="index.html" class="homeLink">home</a><span>/</span><a href="#">Community</a><span>/</span> <span class="current">Security</span> </div> </div> </div> </header> <div class="slice clearfix"> <div class="container"> <div class="row"> - <!-- sidebar --> - <aside class="span4" id="sidebar"> - - <section class="widget blogUpdates"> - <h2>Releases for Download</h2> - <div class="divider"><span></span></div> - <ul class="nav nav-tabs " id="myTab"> - <li class="active"><a href="#tabs-1" data-toggle="tab">Downloads</a></li> - <li><a href="#tabs-2" data-toggle="tab">Release Notes</a></li> - </ul> - <div class="tab-content"> - <div class="tab-pane active" id="tabs-1"> - <ul> - <li> - <h2>OFBiz 16.11.04</h2> - <a href="//www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-16.11.04.zip" target="external" class="moreLink">→ Download</a> - </li> - </ul> - </div> - <div class="tab-pane" id="tabs-2"> - <ul> - <li> - <h2>OFBiz 16.11.04</h2> - <a href="release-notes-16.11.04.html" class="moreLink">→ View</a> - </li> - </ul> - </div> - </div> - </section> - </aside> - <!-- sidebar --> - <div class="span8"> - <h2>Download Apache OFBiz</h2> - <div class="divider"><span></span></div> - <div class="imgWrapper"> <img src="images/Download.jpg" alt="image fullwidth"> </div> - <p> <strong> Use the links below to download Apache OFBiz releases from the "Apache Download Mirrors" page. The download page also includes instructions on how to verify the integrity of the release file using the signature and hashes (PGP, MD5, SHA512) available for each release. 
</strong> </p> - <p> <strong>PLEASE NOTE:</strong> Despite our best efforts to maintain up to three active release branches, support for older branches can decrease because our project volunteers may be focused on other issues. We recommend using releases from the most recent branch wherever possible. </p> - <h2>Apache OFBiz 16.11.04</h2> - <div class="divider"><span></span></div> - <p> Released in January 2018, this is the fourth release of the 16.11 series, that has been stabilized since November 2016. </p> - <a href ="//www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-16.11.04.zip" target="external" >Download OFBiz 16.11.04</a> - <a href ="//www.apache.org/dist/ofbiz/apache-ofbiz-16.11.04.zip.asc" target="external">[PGP]</a> - <a href ="//www.apache.org/dist/ofbiz/apache-ofbiz-16.11.04.zip.md5" target="external">[MD5]</a> - <a href ="//www.apache.org/dist/ofbiz/apache-ofbiz-16.11.04.zip.sha" target="external">[SHA512]</a> - <a href ="//www.apache.org/dist/ofbiz/KEYS" target="external">[KEYS]</a> - <a href ="release-notes-16.11.04.html">[Release Notes]</a> - - <h2>Earlier Releases</h2> - <div class="divider"><span></span></div> - <p>Older superseded releases of Apache OFBiz can be found in the <a href="//archive.apache.org/dist/ofbiz/" target="external">Apache OFBiz archive</a></p> - <p><strong>NOTE: To avoid any security vulnerabilities the Apache OFBiz community highly recommend that all users upgrade to the latest stable release.</strong></p> - <p> A descriptions of each release in the history of OFBiz can be <a href="//www.apache.org/dist/ofbiz/" target="external">found here</a></p> - <h2><a id="security"></a>Security Vulnerabilities</h2> + <h2><a id="security"></a>Security Vulnerabilities</h2> <div class="divider"><span></span></div> <p> <strong> We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either [hidden email] or [hidden email]), before disclosing them in a public forum.</strong></p> 
-<p>Please see the <a href="https://www.apache.org/security" target="external">ASF Security Team webpage</a> for further information about reporting a security vulnerability as well as their contact information. </p> + <p>Please see the <a href="https://www.apache.org/security" target="external">ASF Security Team webpage</a> for further information about reporting a security vulnerability as well as their contact information. </p> <h3>List of Known Vulnerabilities</h3> <ul class="iconsList"> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15714" target="external">CVE-2017-15714</a>; affected releases: from 16.11.01 to 16.11.03; fixed in 16.11.04 with revision <a href="//svn.apache.org/viewvc?view=revision&revision=1818482" target="external">1759065</a></li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6800" target="external">CVE-2016-6800</a>; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01 with revisions <a href="//svn.apache.org/viewvc?view=revision&revision=1759065" target="external">1759065</a> and <a href="//svn.apache.org/viewvc?view=revision&revision=1759218" target="external"> 1759218</a></li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4462" target="external">CVE-2016-4462</a>; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01 with revisions <a href="//svn.apache.org/viewvc?view=revision&revision=1761978" target="external">1761978</a>, <a href="//svn.apache.org/viewvc?view=revision&revision=1761986" target="external">1761986</a> and <a href="//svn.apache.org/viewvc?view=revision&revision=1761987" target="external"> 1761987</a></li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2170" target="external">CVE-2016-2170</a>; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06</li> 
- <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3268" target="external">CVE-2015-3268</a>; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0232" target="external">CVE-2014-0232</a>; affected releases: 12.04.03 and earlier versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04 and 11.04.05</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2250" target="external">CVE-2013-2250</a>; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2137" target="external">CVE-2013-2137</a>; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0177" target="external">CVE-2013-0177</a>; affected releases: 11.04.01, 10.04.04 and earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3506" target="external">CVE-2012-3506</a>; affected releases: 10.04.02, 10.04 (10.04.01); fixed in 10.04.03</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1622" target="external">CVE-2012-1622</a>; affected releases: 10.04 (10.04.01); fixed in 10.04.02</li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1621" target="external">CVE-2012-1621</a>; affected releases: 10.04 (10.04.01); fixed in 10.04.02</li> - <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0432" target="external">CVE-2010-0432</a>; affected releases: 09.04; fixed in 09.04.01</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15714" target="external">CVE-2017-15714</a>; affected releases: from 16.11.01 to 16.11.03; fixed in 16.11.04 with revision <a href="//svn.apache.org/viewvc?view=revision&revision=1818482" target="external">1759065</a></li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6800" target="external">CVE-2016-6800</a>; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01 with revisions <a href="//svn.apache.org/viewvc?view=revision&revision=1759065" target="external">1759065</a> and <a href="//svn.apache.org/viewvc?view=revision&revision=1759218" target="external"> 1759218</a></li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4462" target="external">CVE-2016-4462</a>; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01 with revisions <a href="//svn.apache.org/viewvc?view=revision&revision=1761978" target="external">1761978</a>, <a href="//svn.apache.org/viewvc?view=revision&revision=1761986" target="external">1761986</a> and <a href="//svn.apache.org/viewvc?view=revision&revision=1761987" target="external"> 1761987</a></li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2170" target="external">CVE-2016-2170</a>; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3268" target="external">CVE-2015-3268</a>; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06</li> + <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0232" target="external">CVE-2014-0232</a>; affected releases: 12.04.03 and earlier versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04 and 11.04.05</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2250" target="external">CVE-2013-2250</a>; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2137" target="external">CVE-2013-2137</a>; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0177" target="external">CVE-2013-0177</a>; affected releases: 11.04.01, 10.04.04 and earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3506" target="external">CVE-2012-3506</a>; affected releases: 10.04.02, 10.04 (10.04.01); fixed in 10.04.03</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1622" target="external">CVE-2012-1622</a>; affected releases: 10.04 (10.04.01); fixed in 10.04.02</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1621" target="external">CVE-2012-1621</a>; affected releases: 10.04 (10.04.01); fixed in 10.04.02</li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0432" target="external">CVE-2010-0432</a>; affected releases: 09.04; fixed in 09.04.01</li> </ul> </div> - </div> </div> </div> </section> |
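Review bot: In the added CVE-2017-15714 list item, the fix-revision link points at revision=1818482 but its visible text reads 1759065, which is the same number shown for the first CVE-2016-6800 revision in the next item. The move carries this mismatch over unchanged from download.html. Someone checking whether their tree contains the fix will read the printed number, not the href, so please confirm which revision fixed CVE-2017-15714 and make the link text and target agree. Minor, in the same hunk: the reporting paragraph spells the project "OfBiz" once and "OFBiz" everywhere else, which is worth normalizing while the text is being relocated.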