Hi Pierre, All,
Yes, saw that; complications come with me using Win7.
As I said in the Jira: I'm not sure we need to make new releases (18 and 22).
Because I doubt users persist sessions using the advanced FileStore feature. So
maybe simply a warning could be sufficient.
Jacques
On 26/01/2022 at 12:42, Pierre Smits wrote:
Hey Jacques,
It seems to me that this commit does not address the issue described in the
referenced ticket: https://issues.apache.org/jira/browse/OFBIZ-12539.
Should this not be corrected? E.g. having its own ticket?
Kind regards,
Pierre Smits
*Proud contributor of* Apache OFBiz <https://ofbiz.apache.org/> since
2008 (without privileges)
Proud contributor to the ASF since 2006
*Apache Directory <https://directory.apache.org>, PMC Member*
Anyone could have been you, whereas I've always been anyone.
On Wed, Jan 26, 2022 at 12:34 PM <[email protected]> wrote:
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 6ed30b7 Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)
6ed30b7 is described below
commit 6ed30b76652e24162bcbc6efe4ca912ba0e31bc2
Author: Jacques Le Roux <[email protected]>
AuthorDate: Wed Jan 26 12:31:50 2022 +0100
Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)
The fix for bug CVE-2020-9484 introduced a time of check, time of use
vulnerability that allowed a local attacker to perform actions with the
privileges of the user that the Tomcat process is using. This issue is only
exploitable when Tomcat is configured to persist sessions using the
FileStore.
---
themes/common-theme/webapp/common/js/package.json | 33
++++++++++++-----------
1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/themes/common-theme/webapp/common/js/package.json
b/themes/common-theme/webapp/common/js/package.json
index 036a227..429ade6 100644
--- a/themes/common-theme/webapp/common/js/package.json
+++ b/themes/common-theme/webapp/common/js/package.json
@@ -1,17 +1,20 @@
{
- "name": "ofbiz-framework",
- "description": "ofbiz-framework NPM dependencies configuration",
- "repository": "https://github.com/apache/ofbiz-framework.git",
- "license": "Apache-2.0",
- "dependencies": {
- "jquery": "^3.6.0",
- "jquery-migrate": "^3.3.2",
- "jquery-validation": "^1.19.3",
- "jquery.browser": "^0.1.0",
- "dompurify": "^2.3.4",
- "jquery-ui-dist": "^1.13.0",
- "trumbowyg": "^2.25.1",
- "flot": "^4.2.2",
- "@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
- }
+ "name": "ofbiz-framework",
+ "description": "ofbiz-framework NPM dependencies configuration",
+ "repository": "https://github.com/apache/ofbiz-framework.git",
+ "license": "Apache-2.0",
+ "dependencies": {
+ "jquery": "^3.6.0",
+ "jquery-migrate": "^3.3.2",
+ "jquery-validation": "^1.19.3",
+ "jquery.browser": "^0.1.0",
+ "dompurify": "^2.3.4",
+ "jquery-ui-dist": "^1.13.0",
+ "trumbowyg": "^2.25.1",
+ "flot": "^4.2.2",
+ "@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
+ },
+ "scripts": {
+ "lint": "jshint **.js --reporter checkstyle > checkstyle.xml"
+ }
}
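Review bot: The only content change visible in this hunk is the new "scripts" block at the end of package.json, and nothing here touches a Tomcat version, so the diff does not match the commit subject "Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)". The removed and added "name" through "dependencies" lines read identically, which suggests a whitespace-only reindent that makes the real change hard to spot. I would move the lint script into its own commit with its own ticket and message, and make sure the actual Tomcat version bump is committed under OFBIZ-12539. Separately, the new "lint" entry calls jshint, but jshint does not appear in the "dependencies" shown here; if it is meant to be installed through this package.json, it should be declared so the script works on a clean checkout.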