[ https://issues.apache.org/jira/browse/OFBIZ-11353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17036826#comment-17036826 ]
ASF subversion and git services commented on OFBIZ-11353: --------------------------------------------------------- Commit b874a11103e686c6adce6a696862e21da11a21bd in ofbiz-framework's branch refs/heads/release18.12 from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=b874a11 ] Fixed: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11353) A vulnerability has been reported to the OFBiz security team. To be able to release the 17.12.01 version with this vulnerability fixed we need to temporarily comment out the "stream" request-map in commonext controller. We will later fix the specific issue to put back the functionalities allowed by the "stream" request-map in this controller, see OFBIZ-11349 > Temporarily comment out the "stream" request-map in commonext controller.xml > for security reason > ------------------------------------------------------------------------------------------------ > > Key: OFBIZ-11353 > URL: https://issues.apache.org/jira/browse/OFBIZ-11353 > Project: OFBiz > Issue Type: Bug > Components: ALL COMPONENTS > Affects Versions: Upcoming Branch, Release Branch 17.12, Release Branch > 18.12 > Reporter: Jacques Le Roux > Priority: Blocker > > A vulnerability has been reported to the OFBiz security team. To be able to > release the 17.12.01 version with this vulnerability fixed we need to > temporarily comment out the "stream" request-map in commonext controller. We > will later fix the specific issue to put back the functionnalities allowed by > the "stream" request-map in commonext controller. -- This message was sent by Atlassian Jira (v8.3.4#803005)