This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push: new b4d85b0 [SECURITY] (CVE-2024-23946) Don't need to show files names in UI messages (OFBIZ-12884) [SECURITY] (CVE-2024-25065) Normalize contextPath in hasBasePermission (OFBIZ-12887) b4d85b0 is described below commit b4d85b0c6438900e7d2108e48e5acec1925d0857 Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Wed Feb 28 16:52:49 2024 +0100 [SECURITY] (CVE-2024-23946) Don't need to show files names in UI messages (OFBIZ-12884) [SECURITY] (CVE-2024-25065) Normalize contextPath in hasBasePermission (OFBIZ-12887) Updates CVEs information for above Updates also texts for CVE-2024-23946, CVE-2024-25065, CVE-2023-51467 and CVE-2023-50968. They were referring to the wrong affected releases Also removes the "Latest tweets" in footer, soon the rest will follow --- .classpath | 6 ++++ .project | 18 ++++++++++++ bootstrap/css/.gitignore | 1 + bootstrap/img/.gitignore | 2 ++ bootstrap/js/.gitignore | 1 + desktop.ini | 6 ++++ font-icons/custom-icons/font/.gitignore | 1 + images/.gitignore | 32 ++++++++++++++++++++++ images/icons/.gitignore | 3 ++ images/slider/rs/.gitignore | 5 ++++ images/textures/.gitignore | 2 ++ js/.gitignore | 3 ++ .../ajax-contact-extend/assets/img/.gitignore | 3 ++ .../assets/img/verify/.gitignore | 3 ++ js/plugins/flexslider/images/.gitignore | 1 + js/plugins/flexslider/themes/.gitignore | 1 + js/plugins/isotope/.gitignore | 1 + js/plugins/jquery-browser-plugin/.gitignore | 1 + js/plugins/jquery.sharrre-1.3.4/.gitignore | 1 + .../pretty-photo/images/fullscreen/.gitignore | 3 ++ .../images/prettyPhoto/dark_rounded/.gitignore | 6 ++++ .../images/prettyPhoto/dark_square/.gitignore | 6 ++++ .../images/prettyPhoto/default/.gitignore | 7 +++++ .../images/prettyPhoto/facebook/.gitignore | 9 ++++++ .../images/prettyPhoto/light_rounded/.gitignore | 5 ++++ .../images/prettyPhoto/light_square/.gitignore | 5 ++++ .../pretty-photo/images/thumbnails/.gitignore | 2 ++ 
js/plugins/pretty-photo/js/.gitignore | 3 ++ js/plugins/respond/.gitignore | 1 + js/plugins/rs-plugin/assets/.gitignore | 32 ++++++++++++++++++++++ js/plugins/rs-plugin/images/.gitignore | 3 ++ js/plugins/rs-plugin/images/gradient/.gitignore | 2 ++ js/plugins/rs-plugin/js/.gitignore | 2 ++ js/plugins/sequence/images/.gitignore | 10 +++++++ security.html | 11 +++++--- template/page/security.tpl.php | 6 ++-- 36 files changed, 198 insertions(+), 6 deletions(-)
diff --git a/.classpath b/.classpath
new file mode 100644
index 0000000..f62158f
--- /dev/null
+++ b/.classpath
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path=""/>
+ <classpathentry kind="con" path="GROOVY_DSL_SUPPORT"/>
+ <classpathentry kind="output" path="bin"/>
+</classpath>
diff --git a/.project b/.project
new file mode 100644
index 0000000..76d68d3
--- /dev/null
+++ b/.project
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>Site</name>
+ <comment></comment>
+ <projects/>
+ <natures>
+ <nature>org.eclipse.jdt.groovy.core.groovyNature</nature>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments/>
+ </buildCommand>
+ </buildSpec>
+ <linkedResources/>
+ <filteredResources/>
+</projectDescription>
diff --git a/bootstrap/css/.gitignore b/bootstrap/css/.gitignore
new file mode 100644
index 0000000..dd29886
--- /dev/null
+++ b/bootstrap/css/.gitignore
@@ -0,0 +1 @@
+/bootstrap.min.css
diff --git a/bootstrap/img/.gitignore b/bootstrap/img/.gitignore
new file mode 100644
index 0000000..f6e92e2
--- /dev/null
+++ b/bootstrap/img/.gitignore
@@ -0,0 +1,2 @@
+/glyphicons-halflings-white.png
+/glyphicons-halflings.png
diff --git a/bootstrap/js/.gitignore b/bootstrap/js/.gitignore
new file mode 100644
index 0000000..3ce2c31
--- /dev/null
+++ b/bootstrap/js/.gitignore
@@ -0,0 +1 @@
+/bootstrap.min.js
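Review bot: The new `.classpath`, `.project` and `desktop.ini` files are Eclipse and Windows Explorer metadata with no connection to the CVE text update the commit message describes, so they look like a working-copy sweep rather than an intended change. If this repository is published as the site's document root, they would be served next to the pages and disclose local tooling details, so I would drop them from the commit. The per-directory `.gitignore` files that follow (from `bootstrap/css/.gitignore` through `js/plugins/sequence/images/.gitignore`) list assets the pages load, such as `/jquery-1.12.4.min.js`; if those assets are tracked the entries do nothing, and if they are not, the rules hide them from `git status`. Local-only ignore rules belong in `.git/info/exclude`, and a single root `.gitignore` naming `.classpath`, `.project` and `desktop.ini` would keep this from recurring.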
diff --git a/desktop.ini b/desktop.ini
new file mode 100644
index 0000000..3317408
--- /dev/null
+++ b/desktop.ini
@@ -0,0 +1,6 @@
+[.ShellClassInfo]
+IconResource=C:\Windows\system32\SHELL32.dll,94
+[ViewState]
+Mode=
+Vid=
+FolderType=Documents
diff --git a/font-icons/custom-icons/font/.gitignore b/font-icons/custom-icons/font/.gitignore
new file mode 100644
index 0000000..9c6b073
--- /dev/null
+++ b/font-icons/custom-icons/font/.gitignore
@@ -0,0 +1 @@
+/custom-icons.svg
diff --git a/images/.gitignore b/images/.gitignore
new file mode 100644
index 0000000..18013f8
--- /dev/null
+++ b/images/.gitignore
@@ -0,0 +1,32 @@
+/android-icon-144x144.png
+/android-icon-192x192.png
+/android-icon-36x36.png
+/android-icon-48x48.png
+/android-icon-72x72.png
+/android-icon-96x96.png
+/apple-icon-114x114.png
+/apple-icon-120x120.png
+/apple-icon-144x144.png
+/apple-icon-152x152.png
+/apple-icon-180x180.png
+/apple-icon-57x57.png
+/apple-icon-60x60.png
+/apple-icon-72x72.png
+/apple-icon-76x76.png
+/apple-icon-precomposed.png
+/apple-icon.png
+/download.png
+/favicon-16x16.png
+/favicon-32x32.png
+/favicon-96x96.png
+/favicon.ico
+/favicon_old.ico
+/icon-map.png
+/main-logo.png
+/ms-icon-144x144.png
+/ms-icon-150x150.png
+/ms-icon-310x310.png
+/no-slider-pic.png
+/no-slider-pic2.png
+/ofbiz_logo.png
+/rs-arrows.png
diff --git a/images/icons/.gitignore b/images/icons/.gitignore
new file mode 100644
index 0000000..501fc89
--- /dev/null
+++ b/images/icons/.gitignore
@@ -0,0 +1,3 @@
+/ajax-loader.gif
+/main-nav-hoverstate.png
+/main-nav-normalstate.png
diff --git a/images/slider/rs/.gitignore b/images/slider/rs/.gitignore
new file mode 100644
index 0000000..4a99511
--- /dev/null
+++ b/images/slider/rs/.gitignore
@@ -0,0 +1,5 @@
+/CatalogPromotions-SaphirTheme.png
+/InventoryItems-SaphirTheme.png
+/Project-SaphirTheme.png
+/SalesOrder-SaphirTheme.png
+/thumb.png
diff --git a/images/textures/.gitignore b/images/textures/.gitignore
new file mode 100644
index 0000000..0f30c39
--- /dev/null
+++ b/images/textures/.gitignore
@@ -0,0 +1,2 @@
+/bg-texture-video.png
+/texture-psychedelic-pattern-purple.png
diff --git a/js/.gitignore b/js/.gitignore
new file mode 100644
index 0000000..3530a82
--- /dev/null
+++ b/js/.gitignore
@@ -0,0 +1,3 @@
+/jquery-1.12.4.min.js
+/jquery-migrate-1.0.0.min.js
+/modernizr-2.6.1.min.js
diff --git a/js/plugins/ajax-contact-extend/assets/img/.gitignore b/js/plugins/ajax-contact-extend/assets/img/.gitignore
new file mode 100644
index 0000000..3e82835
--- /dev/null
+++ b/js/plugins/ajax-contact-extend/assets/img/.gitignore
@@ -0,0 +1,3 @@
+/ajax-loader.gif
+/error.gif
+/success.gif
diff --git a/js/plugins/ajax-contact-extend/assets/img/verify/.gitignore b/js/plugins/ajax-contact-extend/assets/img/verify/.gitignore
new file mode 100644
index 0000000..deab0e9
--- /dev/null
+++ b/js/plugins/ajax-contact-extend/assets/img/verify/.gitignore
@@ -0,0 +1,3 @@
+/1.png
+/2.png
+/3.png
diff --git a/js/plugins/flexslider/images/.gitignore b/js/plugins/flexslider/images/.gitignore
new file mode 100644
index 0000000..b8e1052
--- /dev/null
+++ b/js/plugins/flexslider/images/.gitignore
@@ -0,0 +1 @@
+/bg_direction_nav.png
diff --git a/js/plugins/flexslider/themes/.gitignore b/js/plugins/flexslider/themes/.gitignore
new file mode 100644
index 0000000..f997900
--- /dev/null
+++ b/js/plugins/flexslider/themes/.gitignore
@@ -0,0 +1 @@
+/slider-overlay.png
diff --git a/js/plugins/isotope/.gitignore b/js/plugins/isotope/.gitignore
new file mode 100644
index 0000000..a8293f8
--- /dev/null
+++ b/js/plugins/isotope/.gitignore
@@ -0,0 +1 @@
+/jquery.isotope.min.js
diff --git a/js/plugins/jquery-browser-plugin/.gitignore b/js/plugins/jquery-browser-plugin/.gitignore
new file mode 100644
index 0000000..b747d22
--- /dev/null
+++ b/js/plugins/jquery-browser-plugin/.gitignore
@@ -0,0 +1 @@
+/jquery.browser.min.js
diff --git a/js/plugins/jquery.sharrre-1.3.4/.gitignore b/js/plugins/jquery.sharrre-1.3.4/.gitignore
new file mode 100644
index 0000000..e71067d
--- /dev/null
+++ b/js/plugins/jquery.sharrre-1.3.4/.gitignore
@@ -0,0 +1 @@
+/jquery.sharrre-1.3.4.min.js
diff --git a/js/plugins/pretty-photo/images/fullscreen/.gitignore b/js/plugins/pretty-photo/images/fullscreen/.gitignore
new file mode 100644
index 0000000..00f8ff5
--- /dev/null
+++ b/js/plugins/pretty-photo/images/fullscreen/.gitignore
@@ -0,0 +1,3 @@
+/high.gif
+/huge.gif
+/wide.gif
diff --git a/js/plugins/pretty-photo/images/prettyPhoto/dark_rounded/.gitignore b/js/plugins/pretty-photo/images/prettyPhoto/dark_rounded/.gitignore
new file mode 100644
index 0000000..446fdb1
--- /dev/null
+++ b/js/plugins/pretty-photo/images/prettyPhoto/dark_rounded/.gitignore
@@ -0,0 +1,6 @@
+/btnNext.png
+/btnPrevious.png
+/contentPattern.png
+/default_thumbnail.gif
+/loader.gif
+/sprite.png
diff --git a/js/plugins/pretty-photo/images/prettyPhoto/dark_square/.gitignore b/js/plugins/pretty-photo/images/prettyPhoto/dark_square/.gitignore
new file mode 100644
index 0000000..446fdb1
--- /dev/null
+++ b/js/plugins/pretty-photo/images/prettyPhoto/dark_square/.gitignore
@@ -0,0 +1,6 @@
+/btnNext.png
+/btnPrevious.png
+/contentPattern.png
+/default_thumbnail.gif
+/loader.gif
+/sprite.png
diff --git a/js/plugins/pretty-photo/images/prettyPhoto/default/.gitignore b/js/plugins/pretty-photo/images/prettyPhoto/default/.gitignore
new file mode 100644
index 0000000..eb72739
--- /dev/null
+++ b/js/plugins/pretty-photo/images/prettyPhoto/default/.gitignore
@@ -0,0 +1,7 @@
+/default_thumb.png
+/loader.gif
+/sprite.png
+/sprite_next.png
+/sprite_prev.png
+/sprite_x.png
+/sprite_y.png
diff --git a/js/plugins/pretty-photo/images/prettyPhoto/facebook/.gitignore b/js/plugins/pretty-photo/images/prettyPhoto/facebook/.gitignore
new file mode 100644
index 0000000..06242fa
--- /dev/null
+++ b/js/plugins/pretty-photo/images/prettyPhoto/facebook/.gitignore
@@ -0,0 +1,9 @@
+/btnNext.png
+/btnPrevious.png
+/contentPatternBottom.png
+/contentPatternLeft.png
+/contentPatternRight.png
+/contentPatternTop.png
+/default_thumbnail.gif
+/loader.gif
+/sprite.png
diff --git a/js/plugins/pretty-photo/images/prettyPhoto/light_rounded/.gitignore b/js/plugins/pretty-photo/images/prettyPhoto/light_rounded/.gitignore
new file mode 100644
index 0000000..16f6013
--- /dev/null
+++ b/js/plugins/pretty-photo/images/prettyPhoto/light_rounded/.gitignore
@@ -0,0 +1,5 @@
+/btnNext.png
+/btnPrevious.png
+/default_thumbnail.gif
+/loader.gif
+/sprite.png
diff --git a/js/plugins/pretty-photo/images/prettyPhoto/light_square/.gitignore b/js/plugins/pretty-photo/images/prettyPhoto/light_square/.gitignore
new file mode 100644
index 0000000..16f6013
--- /dev/null
+++ b/js/plugins/pretty-photo/images/prettyPhoto/light_square/.gitignore
@@ -0,0 +1,5 @@
+/btnNext.png
+/btnPrevious.png
+/default_thumbnail.gif
+/loader.gif
+/sprite.png
diff --git a/js/plugins/pretty-photo/images/thumbnails/.gitignore b/js/plugins/pretty-photo/images/thumbnails/.gitignore
new file mode 100644
index 0000000..0b2d1ee
--- /dev/null
+++ b/js/plugins/pretty-photo/images/thumbnails/.gitignore
@@ -0,0 +1,2 @@
+/flash-logo.png
+/quicktime-logo.gif
diff --git a/js/plugins/pretty-photo/js/.gitignore b/js/plugins/pretty-photo/js/.gitignore
new file mode 100644
index 0000000..b95543e
--- /dev/null
+++ b/js/plugins/pretty-photo/js/.gitignore
@@ -0,0 +1,3 @@
+/jquery-1.3.2.min.js
+/jquery-1.4.4.min.js
+/jquery-1.6.1.min.js
diff --git a/js/plugins/respond/.gitignore b/js/plugins/respond/.gitignore
new file mode 100644
index 0000000..a34f253
--- /dev/null
+++ b/js/plugins/respond/.gitignore
@@ -0,0 +1 @@
+/respond.min.js
diff --git a/js/plugins/rs-plugin/assets/.gitignore b/js/plugins/rs-plugin/assets/.gitignore
new file mode 100644
index 0000000..222ab34
--- /dev/null
+++ b/js/plugins/rs-plugin/assets/.gitignore
@@ -0,0 +1,32 @@
+/arrow_large_left.png
+/arrow_large_right.png
+/arrow_left.png
+/arrow_left2.png
+/arrow_right.png
+/arrow_right2.png
+/arrowleft.png
+/arrowright.png
+/black50.png
+/boxed_bgtile.png
+/bullet.png
+/bullet_boxed.png
+/bullets.png
+/bullets2.png
+/coloredbg.png
+/grain.png
+/large_left.png
+/large_right.png
+/loader.gif
+/loader2.gif
+/navigdots.png
+/navigdots_bgtile.png
+/shadow1.png
+/shadow2.png
+/shadow3.png
+/small_left.png
+/small_left_boxed.png
+/small_right.png
+/small_right_boxed.png
+/timer.png
+/timerdot.png
+/white50.png
diff --git a/js/plugins/rs-plugin/images/.gitignore b/js/plugins/rs-plugin/images/.gitignore
new file mode 100644
index 0000000..d3de529
--- /dev/null
+++ b/js/plugins/rs-plugin/images/.gitignore
@@ -0,0 +1,3 @@
+/decor_inside.png
+/decor_inside_white.png
+/decor_testimonial.png
diff --git a/js/plugins/rs-plugin/images/gradient/.gitignore b/js/plugins/rs-plugin/images/gradient/.gitignore
new file mode 100644
index 0000000..2f05638
--- /dev/null
+++ b/js/plugins/rs-plugin/images/gradient/.gitignore
@@ -0,0 +1,2 @@
+/g30.png
+/g40.png
diff --git a/js/plugins/rs-plugin/js/.gitignore b/js/plugins/rs-plugin/js/.gitignore
new file mode 100644
index 0000000..d83db48
--- /dev/null
+++ b/js/plugins/rs-plugin/js/.gitignore
@@ -0,0 +1,2 @@
+/jquery.themepunch.plugins.min.js
+/jquery.themepunch.revolution.min.js
diff --git a/js/plugins/sequence/images/.gitignore b/js/plugins/sequence/images/.gitignore
new file mode 100644
index 0000000..0802321
--- /dev/null
+++ b/js/plugins/sequence/images/.gitignore
@@ -0,0 +1,10 @@
+/bt-next.png
+/bt-prev.png
+/model1.png
+/model2.png
+/model3.png
+/pause-icon.png
+/sequence-logo.png
+/tn-model1.png
+/tn-model2.png
+/tn-model3.png
diff --git a/security.html b/security.html
index 9392e49..1b372ff 100644
--- a/security.html
+++ b/security.html
@@ -145,8 +145,10 @@ <h3>List of Known Vulnerabilities</h3> <ul class="iconsList"> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51467" target="external">CVE-2023-51467</a>; affected release before 18.12.10; fixed in 18.12.11 with commit <a href="https://github.com/apache/ofbiz-framework/commit/d8b097f" target="external">d8b097f</a>, <a href="https://github.com/apache/ofbiz-framework/commit/1dcfa07180" target="external">1dcfa07180</a> </li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50968" target="external">CVE-2023-50968</a>; affected release before 18.12.10; fixed in 18.12.11 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=82c1737688" target="external">82c1737688</a></li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23946" target="external">CVE-2024-23946</a>; affected releases before 18.12.12; fixed in 18.12.12 with commits <a href="https://github.com/apache/ofbiz-framework/commit/b1cf4ef3e1" target="external">b1cf4ef3e1</a>, <a href="https://github.com/apache/ofbiz-framework/commit/93f8a58419" target="external">93f8a58419</a>, <a href="https://github.com/apache/ofbiz-framework/commit/c910e413ba" [...] 
+ <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25065" target="external">CVE-2024-25065</a>; affected releases before 18.12.12; fixed in 18.12.12 with commit <a href="https://github.com/apache/ofbiz-framework/commit/b91a9b7f26" target="external">b91a9b7f26</a></li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51467" target="external">CVE-2023-51467</a>; affected releases before 18.12.11; fixed in 18.12.11 with commits <a href="https://github.com/apache/ofbiz-framework/commit/d8b097f" target="external">d8b097f</a>, <a href="https://github.com/apache/ofbiz-framework/commit/1dcfa07180" target="external">1dcfa07180</a> </li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50968" target="external">CVE-2023-50968</a>; affected releases before 18.12.11; fixed in 18.12.11 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=82c1737688" target="external">82c1737688</a></li> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49070" target="external">CVE-2023-49070</a>; affected release 18.12.09; fixed in 18.12.10 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=c59336f604" target="external">c59336f604</a></li> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46819" target="external">CVE-2023-46819</a>; affected release 18.12.08; fixed in 18.12.09 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=998bf510a" target="external">998bf510a</a></li> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25371" target="external">CVE-2022-25371</a>; affected release 18.12.07; fixed in 18.12.08 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/41ff12cf8" target="external">41ff12cf8</a></li> 
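Review bot: The two added `<li>` entries keep the protocol-relative form `href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23946"`, so a page reached over plain http also fetches the advisory link over http; on a security page I would write `https://cve.mitre.org/...` explicitly, as the commit links on the same lines already do. The anchors also open a named window with `target="external"` and carry no `rel`; adding `rel="noopener noreferrer"` stops the opened page from reaching back through `window.opener`. The same lines are added in `template/page/security.tpl.php`, which is presumably the source that `security.html` is generated from and so the place to make the change. The CVE-2024-23946 line is cut at `[...]` in this mail, so its third commit link could not be checked.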
@@ -199,8 +201,8 @@ <div class="container" id="footer"> <div class="row"> <div class="span6 timelineWidget"> - <h2>Latest tweets</h2> <!-- + <h2>Latest tweets</h2> <div class="divider"><span></span></div> <ul class="socialNetwork nav"> <li> @@ -215,10 +217,11 @@ <li><a href="#" class="icon-linkedin socialIcon tips" title="follow us on Linkedin"><span>linkedin</span></a></li> <li><a href="#" class="icon-pinterest-circled socialIcon tips" title="follow us on Pinterest"><span>Pinterest</span></a></li> </ul> - --> <div id="twitterFrame"> <a class="twitter-timeline" href="//twitter.com/ApacheOfbiz?height=250" data-widget-id="588661945194192896" data-tweet-limit="2" data-theme="dark" data-chrome="nofooter noheader transparent" >Tweets by @ApacheOfbiz</a> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+"://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> </div> + --> + </div> <div class="span3 contactWidget"> <h2>Contact Community</h2> diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php index cc45756..6e974b4 100644 --- a/template/page/security.tpl.php +++ b/template/page/security.tpl.php 
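Review bot: The Twitter timeline is switched off by moving `<!--` and `-->` so that the existing comment now runs from `<h2>Latest tweets</h2>` to past the `twitterFrame` div, which leaves the inline loader for `platform.twitter.com/widgets.js` and the widget id in every served copy of the page. Deleting the block is the more robust change: a later edit to the comment boundaries would silently re-enable a third-party script, and git history keeps the markup if it is ever wanted again. The line added after the new `-->` appears to be a `</div>`, though the collapsed view makes that uncertain; it is worth confirming that `span6 timelineWidget` is closed exactly once, since the surrounding markup is outside the hunk.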
@@ -34,8 +34,10 @@ <h3>List of Known Vulnerabilities</h3> <ul class="iconsList"> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51467" target="external">CVE-2023-51467</a>; affected release before 18.12.10; fixed in 18.12.11 with commit <a href="https://github.com/apache/ofbiz-framework/commit/d8b097f" target="external">d8b097f</a>, <a href="https://github.com/apache/ofbiz-framework/commit/1dcfa07180" target="external">1dcfa07180</a> </li> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50968" target="external">CVE-2023-50968</a>; affected release before 18.12.10; fixed in 18.12.11 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=82c1737688" target="external">82c1737688</a></li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23946" target="external">CVE-2024-23946</a>; affected releases before 18.12.12; fixed in 18.12.12 with commits <a href="https://github.com/apache/ofbiz-framework/commit/b1cf4ef3e1" target="external">b1cf4ef3e1</a>, <a href="https://github.com/apache/ofbiz-framework/commit/93f8a58419" target="external">93f8a58419</a>, <a href="https://github.com/apache/ofbiz-framework/commit/c910e413ba" [...] 
+ <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25065" target="external">CVE-2024-25065</a>; affected releases before 18.12.12; fixed in 18.12.12 with commit <a href="https://github.com/apache/ofbiz-framework/commit/b91a9b7f26" target="external">b91a9b7f26</a></li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51467" target="external">CVE-2023-51467</a>; affected releases before 18.12.11; fixed in 18.12.11 with commits <a href="https://github.com/apache/ofbiz-framework/commit/d8b097f" target="external">d8b097f</a>, <a href="https://github.com/apache/ofbiz-framework/commit/1dcfa07180" target="external">1dcfa07180</a> </li> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50968" target="external">CVE-2023-50968</a>; affected releases before 18.12.11; fixed in 18.12.11 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=82c1737688" target="external">82c1737688</a></li> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49070" target="external">CVE-2023-49070</a>; affected release 18.12.09; fixed in 18.12.10 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=c59336f604" target="external">c59336f604</a></li> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46819" target="external">CVE-2023-46819</a>; affected release 18.12.08; fixed in 18.12.09 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=998bf510a" target="external">998bf510a</a></li> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25371" target="external">CVE-2022-25371</a>; affected release 18.12.07; fixed in 18.12.08 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/41ff12cf8" target="external">41ff12cf8</a></li>