Sorry, forgot to mention that there are also no functional changes : tabs
changed to spaces and trailing spaces removed.
Le 26/05/2023 à 10:49, jler...@apache.org a écrit :
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push:
new ac554c3 Fixed: fixes a documentation link
ac554c3 is described below
commit ac554c35de0a322a50717cb67525f3f023815a1c
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Fri May 26 10:49:56 2023 +0200
Fixed: fixes a documentation link
The "we highly suggest to OFBiz users to not use credentials demo in production"
link
---
security.html | 46 +++++++++++++++++++++---------------------
template/page/security.tpl.php | 18 ++++++++---------
2 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/security.html b/security.html
index d2abe77..eb9778a 100644
--- a/security.html
+++ b/security.html
@@ -82,7 +82,7 @@
</li>
<li><a href="#" class="firstLevel">Community</a>
<ul>
- <li><a href="getting-involved.html">Getting Involved</a></li>
+ <li><a href="getting-involved.html">Getting Involved</a></li>
<li><a href="mailing-lists.html">Mailing Lists</a></li>
<li><a href="source-repositories.html">Source
Repository</a></li>
<li><a href="download.html">Downloads</a></li>
@@ -91,18 +91,18 @@
</ul>
</li>
<li><a href="ofbiz-demos.html" class="firstLevel">Demos</a></li>
- <li>
- <a href="//twitter.com/ApacheOfbiz" class="icon-twitter-bird
socialIcon tips"
- target="external" title="follow us on
Twitter"><span>twitter</span></a>
- </li>
- <li><a href="//www.linkedin.com/company/apache-ofbiz/" target="external" class="icon-linkedin
socialIcon tips" title="follow us on Linkedin"><span>linkedin</span></a></li>
- <li><a href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal" target="external"
class="icon-facebook socialIcon tips" title="follow us on Facebook"><span>facebook</span></a></li>
- <li><a href="//www.youtube.com/user/ofbiz" class="icon-play socialIcon tips" target="external"
title="follow us on Youtube"><span>Youtube</span></a></li>
- <!--<li><a href="#" class="icon-rss socialIcon tips" title="Our rss
feed"><span>rss feed</span></a></li>
- <li><a href="#" class="icon-gplus socialIcon tips" title="follow us on Google
+"><span>google +</span></a></li>
- <li><a href="#" class="icon-instagram socialIcon tips" title="follow us on
Instagram"><span>instagram</span></a></li>
- <li><a href="#" class="icon-linkedin socialIcon tips" title="follow us on
Linkedin"><span>linkedin</span></a></li>
- <li><a href="#" class="icon-pinterest-circled socialIcon tips" title="follow us on
Pinterest"><span>Pinterest</span></a></li>-->
+ <li>
+ <a href="//twitter.com/ApacheOfbiz" class="icon-twitter-bird socialIcon
tips"
+ target="external" title="follow us on
Twitter"><span>twitter</span></a>
+ </li>
+ <li><a href="//www.linkedin.com/company/apache-ofbiz/" target="external" class="icon-linkedin socialIcon
tips" title="follow us on Linkedin"><span>linkedin</span></a></li>
+ <li><a href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal" target="external"
class="icon-facebook socialIcon tips" title="follow us on Facebook"><span>facebook</span></a></li>
+ <li><a href="//www.youtube.com/user/ofbiz" class="icon-play socialIcon tips" target="external"
title="follow us on Youtube"><span>Youtube</span></a></li>
+ <!--<li><a href="#" class="icon-rss socialIcon tips" title="Our rss feed"><span>rss
feed</span></a></li>
+ <li><a href="#" class="icon-gplus socialIcon tips" title="follow us on Google
+"><span>google +</span></a></li>
+ <li><a href="#" class="icon-instagram socialIcon tips" title="follow us on
Instagram"><span>instagram</span></a></li>
+ <li><a href="#" class="icon-linkedin socialIcon tips" title="follow us on
Linkedin"><span>linkedin</span></a></li>
+ <li><a href="#" class="icon-pinterest-circled socialIcon tips" title="follow us on
Pinterest"><span>Pinterest</span></a></li>-->
</ul>
</nav>
</div>
@@ -130,23 +130,23 @@
<h2><a id="security"></a>Security Vulnerabilities</h2>
<div class="divider"><span></span></div>
<p>Please see the <a href="https://www.apache.org/security"
target="external">ASF Security Team webpage</a> for further information about reporting a security
vulnerability as well as their contact information. </p>
-
+
<p><strong>We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
secur...@ofbiz.apache.org or secur...@apache.org),
before disclosing them in a public forum. Please don't pack several
vulnerabilities in the same report, send them one by one, thanks in
advance.</strong></p>
-
- <p>Note that we no longer create CVEs for post-auth attacks done
using demo credentials, notably using the admin user.
+
+ <p>Note that we no longer create CVEs for post-auth attacks done
using demo credentials, notably using the admin user.
<strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for
that.</a><span style="color:red"> Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in
advance.</span></strong></p>
-
- <p>One of the reason we no longer create CVEs for post-auth
attacks done using demo credentials is because
- <a href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security"
target="external"> we highly suggest to OFBiz users to not use credentials demo in
production</a>
+
+ <p>One of the reason we no longer create CVEs for post-auth
attacks done using demo credentials is because
+ <a href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security"
target="external"> we highly suggest to OFBiz users to not use credentials demo in
production</a>
and we expect OFBiz users to do so.
- <a href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"
target="external"> We also warn our users on the "Keeping OFBiz secure wiki page".</a>
+ <a href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"
target="external"> We also warn our users on the "Keeping OFBiz secure wiki page".</a>
And finally, mostly we reject post-auth vulnerabilities because we have
a solid CSRF defense.</p>
-
+
<h3>List of Known Vulnerabilities</h3>
<ul class="iconsList">
- <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501" target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed in 18.12.07 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/582add7d3" target="external">582add7d3</a></li>
+ <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501"
target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed in 18.12.07 with commit <a
href="https://github.com/apache/ofbiz-plugins/commit/582add7d3" target="external">582add7d3</a></li>
<li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25813" target="external">CVE-2022-25813</a>;
affected releases before 18.12.06; fixed in 18.12.06 with commits <a href="https://github.com/apache/ofbiz-framework/commit/843b1c7e71" target="external">843b1c7e71</a>, <a
href="https://github.com/apache/ofbiz-framework/commit/3797e60375" target="external">3797e60375</a>, <a href="https://github.com/apache/ofbiz-framework/commit/b24dcff344"
[...]
<li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29063"
target="external">CVE-2022-29063</a>; affected releases before 18.12.06; fixed in 18.12.06 with commit <a
href="https://github.com/apache/ofbiz-plugins/commit/061252a80" target="external">061252a80</a></li>
<li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29158"
target="external">CVE-2022-29158</a>; affected releases before 18.12.06; fixed in 18.12.06 with commit <a
href="https://github.com/apache/ofbiz-framework/commit/ff92c4bc9" target="external">ff92c4bc9</a></li>
@@ -244,7 +244,7 @@
<li><a href="https://privacy.apache.org/policies/privacy-policy-public.html"
target="external">Privacy Policy</a></li>
<li><a href="https://www.apache.org/events/current-event"
target="external">Events</a></li>
<li><a href="https://www.apache.org/foundation/sponsorship.html"
target="external">Sponsorship</a>
- and <a href="https://www.apache.org/foundation/contributing.html"
target="external">Donations</a>
+ and <a href="https://www.apache.org/foundation/contributing.html"
target="external">Donations</a>
</li>
<li><a href="https://www.apache.org/foundation/thanks.html"
target="external">Thanks</a></li>
<li><a
href="https://ofbiz.apache.org/security.html">Security</a></li>
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 297cde5..6932770 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -19,23 +19,23 @@
<h2><a id="security"></a>Security Vulnerabilities</h2>
<div class="divider"><span></span></div>
<p>Please see the <a href="https://www.apache.org/security"
target="external">ASF Security Team webpage</a> for further information about reporting a security
vulnerability as well as their contact information. </p>
-
+
<p><strong>We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
secur...@ofbiz.apache.org or secur...@apache.org),
before disclosing them in a public forum. Please don't pack several
vulnerabilities in the same report, send them one by one, thanks in
advance.</strong></p>
-
- <p>Note that we no longer create CVEs for post-auth attacks done
using demo credentials, notably using the admin user.
+
+ <p>Note that we no longer create CVEs for post-auth attacks done
using demo credentials, notably using the admin user.
<strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for
that.</a><span style="color:red"> Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in
advance.</span></strong></p>
-
- <p>One of the reason we no longer create CVEs for post-auth
attacks done using demo credentials is because
- <a href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security"
target="external"> we highly suggest to OFBiz users to not use credentials demo in
production</a>
+
+ <p>One of the reason we no longer create CVEs for post-auth
attacks done using demo credentials is because
+ <a
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security"> we
highly suggest to OFBiz users to not use credentials demo in production</a>
and we expect OFBiz users to do so.
- <a href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"
target="external"> We also warn our users on the "Keeping OFBiz secure wiki page".</a>
+ <a href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"
target="external"> We also warn our users on the "Keeping OFBiz secure wiki page".</a>
And finally, mostly we reject post-auth vulnerabilities because we have
a solid CSRF defense.</p>
-
+
<h3>List of Known Vulnerabilities</h3>
<ul class="iconsList">
- <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501" target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed in 18.12.07 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/582add7d3" target="external">582add7d3</a></li>
+ <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501"
target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed in 18.12.07 with commit <a
href="https://github.com/apache/ofbiz-plugins/commit/582add7d3" target="external">582add7d3</a></li>
<li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25813" target="external">CVE-2022-25813</a>;
affected releases before 18.12.06; fixed in 18.12.06 with commits <a href="https://github.com/apache/ofbiz-framework/commit/843b1c7e71" target="external">843b1c7e71</a>, <a
href="https://github.com/apache/ofbiz-framework/commit/3797e60375" target="external">3797e60375</a>, <a href="https://github.com/apache/ofbiz-framework/commit/b24dcff344"
[...]
<li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29063"
target="external">CVE-2022-29063</a>; affected releases before 18.12.06; fixed in 18.12.06 with commit <a
href="https://github.com/apache/ofbiz-plugins/commit/061252a80" target="external">061252a80</a></li>
<li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29158"
target="external">CVE-2022-29158</a>; affected releases before 18.12.06; fixed in 18.12.06 with commit <a
href="https://github.com/apache/ofbiz-framework/commit/ff92c4bc9" target="external">ff92c4bc9</a></li>