Hi,
I have created https://issues.apache.org/jira/browse/OFBIZ-12196 for that
As I said there, without answers in a week I'll do so...
Jacques
Le 12/03/2021 à 09:19, Jacques Le Roux a écrit :
Hi,
After fixing this issue, I believe we should use Freemarker 2.3.31 in all supported branches because of possible (low but who knows...) security
issues fixed since 2.3.30
What do you think?
Jacques
Le 12/03/2021 à 09:01, ASF subversion and git services (Jira) a écrit :
[
https://issues.apache.org/jira/browse/OFBIZ-12195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17300124#comment-17300124
]
ASF subversion and git services commented on OFBIZ-12195:
---------------------------------------------------------
Commit 9dd2a255e95c10588004e4fdfb794ab23d173103 in ofbiz-framework's branch
refs/heads/release17.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=9dd2a25 ]
Fixed: webtools/control/threadList no longer works on trunk (only) (OFBIZ-12195)
It works if we downgrade Freemarker to 2.3.28 as in R18 and even using 2.3.29,
not 2.3.30.
Handles things at the Groovy level, ie put in context, rather than creating
in Freemarker template.
It's backported, even if it's not a pb but in trunk, because it's a (low)
security issue.
webtools/control/threadList no longer works on trunk (only)
-----------------------------------------------------------
Key: OFBIZ-12195
URL: https://issues.apache.org/jira/browse/OFBIZ-12195
Project: OFBiz
Issue Type: Sub-task
Components: framework/webtools
Affects Versions: Trunk
Reporter: Jacques Le Roux
Assignee: Jacques Le Roux
Priority: Major
Fix For: Upcoming Branch
This can be currently tested at
https://demo-trunk.ofbiz.apache.org/webtools/control/threadList
R18 and R17 are OK
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
