[ofbiz-framework] branch release18.12 updated: Improved: post-auth Remote Code Execution Vulnerability (OFBIZ-12332)

Fri, 08 Oct 2021 23:03:47 -0700 

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release18.12 by this push:
     new 02a544a  Improved: post-auth Remote Code Execution Vulnerability 
(OFBIZ-12332)
02a544a is described below

commit 02a544a820c5cc78d929df66ad166a854f5a412a
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sat Oct 9 07:48:55 2021 +0200

    Improved: post-auth Remote Code Execution Vulnerability (OFBIZ-12332)
    
    Temporarily comments out XMLRPC tests.
    
    I'll work on a definitive solution ASAP
    
    Conflicts handled by hand: framework/service/testdef/servicetests.xml
---
 framework/service/testdef/servicetests.xml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/framework/service/testdef/servicetests.xml 
b/framework/service/testdef/servicetests.xml
index 7f01d70..0c6d20c 100644
--- a/framework/service/testdef/servicetests.xml
+++ b/framework/service/testdef/servicetests.xml
@@ -66,11 +66,18 @@ under the License.
     <test-case case-name="service-eca-global-event-exec-assert-data">
         <entity-xml action="assert" 
entity-xml-url="component://service/testdef/data/ServiceEcaGlobalEventAssertData.xml"/>
     </test-case>
-    
-    <test-case case-name="service-xml-rpc">
+
+<!-- Because of "post-auth Remote Code Execution Vulnerability" (OFBIZ-12332), 
Temporarily comments out XMLRPC tests. -->
+<!--     <test-case case-name="service-xml-rpc">
         <junit-test-suite 
class-name="org.apache.ofbiz.service.test.XmlRpcTests"/>
     </test-case>
     <test-case case-name="service-xml-rpc-local-engine">
         <service-test service-name="testXmlRpcClientAdd"/>
+    </test-case> -->
+    <test-case case-name="load-data-service-permission-tests">
+        <entity-xml 
entity-xml-url="component://service/testdef/data/PermissionServiceTestData.xml"/>
+    </test-case>
+    <test-case case-name="service-permission-tests">
+        <junit-test-suite 
class-name="org.apache.ofbiz.service.test.ServicePermissionTests"/>
     </test-case>
 </test-suite>

Reply via email to