Hey Jacques,

It seems to me that this commit does not address the issue described in the referenced ticket: https://issues.apache.org/jira/browse/OFBIZ-12539.

Should this not be corrected? E.g. by having its own ticket?

Kind regards,

Pierre Smits

Proud contributor of Apache OFBiz <https://ofbiz.apache.org/> since 2008 (without privileges)
Proud contributor to the ASF since 2006
Apache Directory <https://directory.apache.org>, PMC Member

Anyone could have been you, whereas I've always been anyone.

On Wed, Jan 26, 2022 at 12:34 PM <jler...@apache.org> wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> jleroux pushed a commit to branch trunk
> in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
>
>
> The following commit(s) were added to refs/heads/trunk by this push:
>      new 6ed30b7  Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)
> 6ed30b7 is described below
>
> commit 6ed30b76652e24162bcbc6efe4ca912ba0e31bc2
> Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
> AuthorDate: Wed Jan 26 12:31:50 2022 +0100
>
>     Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)
>
>     The fix for bug CVE-2020-9484 introduced a time of check, time of use
>     vulnerability that allowed a local attacker to perform actions with the
>     privileges of the user that the Tomcat process is using. This issue is only
>     exploitable when Tomcat is configured to persist sessions using the
>     FileStore.
> ---
>  themes/common-theme/webapp/common/js/package.json | 33 ++++++++++++-----------
>  1 file changed, 18 insertions(+), 15 deletions(-)
>
> diff --git a/themes/common-theme/webapp/common/js/package.json b/themes/common-theme/webapp/common/js/package.json
> index 036a227..429ade6 100644
> --- a/themes/common-theme/webapp/common/js/package.json
> +++ b/themes/common-theme/webapp/common/js/package.json
> @@ -1,17 +1,20 @@ > { > - "name": "ofbiz-framework", > - "description": "ofbiz-framework NPM dependencies configuration", > - "repository": "https://github.com/apache/ofbiz-framework.git", > - "license": "Apache-2.0", > - "dependencies": { > - "jquery": "^3.6.0", > - "jquery-migrate": "^3.3.2", > - "jquery-validation": "^1.19.3", > - "jquery.browser": "^0.1.0", > - "dompurify": "^2.3.4", > - "jquery-ui-dist": "^1.13.0", > - "trumbowyg": "^2.25.1", > - "flot": "^4.2.2", > - "@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3" > - } > + "name": "ofbiz-framework", > + "description": "ofbiz-framework NPM dependencies configuration", > + "repository": "https://github.com/apache/ofbiz-framework.git", > + "license": "Apache-2.0", > + "dependencies": { > + "jquery": "^3.6.0", > + "jquery-migrate": "^3.3.2", > + "jquery-validation": "^1.19.3", > + "jquery.browser": "^0.1.0", > + "dompurify": "^2.3.4", > + "jquery-ui-dist": "^1.13.0", > + "trumbowyg": "^2.25.1", > + "flot": "^4.2.2", > + "@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3" > + }, > + "scripts": { > + "lint": "jshint **.js --reporter checkstyle > checkstyle.xml" > + } > } >
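Review bot: The hunk does not implement what the commit message claims. The message announces a Tomcat upgrade from 9.0.54 to 9.0.58 for OFBIZ-12539 and quotes the CVE-2020-9484 follow-up, but the only file touched is themes/common-theme/webapp/common/js/package.json, and no Tomcat version appears anywhere in the diff: every `-` line of the `"dependencies"` block is re-added unchanged with different indentation, and the single functional change is the new `"scripts"` entry, `"lint": "jshint **.js --reporter checkstyle > checkstyle.xml"`. Either the Tomcat bump was left out of this push or the lint change was committed under the wrong ticket; the lint script belongs in its own commit with a message that describes it. Two smaller points on the hunk itself: the whitespace-only reindent buries the one real change and would be easier to review on its own, and `**.js` relies on shell globstar, which the plain `sh` that npm uses for scripts does not support (it matches only `*.js` in the package directory), so `jshint .` with a `.jshintignore` covers the tree more reliably; `checkstyle.xml` is also written straight into the source tree, so it needs an ignore rule or a build-directory path.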