This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push: new cd03a6a Improved: post-auth Remote Code Execution Vulnerability (OFBIZ-12332) cd03a6a is described below commit cd03a6a98f2a34a9676196f85883dfd3947ee788 Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Sat Oct 9 07:48:55 2021 +0200 Improved: post-auth Remote Code Execution Vulnerability (OFBIZ-12332) Temporarily comments out XMLRPC tests. I'll work on a definitive solution ASAP --- framework/service/testdef/servicetests.xml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/framework/service/testdef/servicetests.xml b/framework/service/testdef/servicetests.xml index 817c063..6d15539 100644 --- a/framework/service/testdef/servicetests.xml +++ b/framework/service/testdef/servicetests.xml @@ -66,13 +66,14 @@ under the License. <test-case case-name="service-eca-global-event-exec-assert-data"> <entity-xml action="assert" entity-xml-url="component://service/testdef/data/ServiceEcaGlobalEventAssertData.xml"/> </test-case> - - <test-case case-name="service-xml-rpc"> + +<!-- Because of "post-auth Remote Code Execution Vulnerability" (OFBIZ-12332), Temporarily comments out XMLRPC tests. --> +<!-- <test-case case-name="service-xml-rpc"> <junit-test-suite class-name="org.apache.ofbiz.service.test.XmlRpcTests"/> </test-case> <test-case case-name="service-xml-rpc-local-engine"> <service-test service-name="testXmlRpcClientAdd"/> - </test-case> + </test-case> --> <test-case case-name="load-data-service-permission-tests"> <entity-xml entity-xml-url="component://service/testdef/data/PermissionServiceTestData.xml"/> </test-case>