[ https://issues.apache.org/jira/browse/OFBIZ-12594 ]


    Jacques Le Roux deleted comment on OFBIZ-12594:
    -----------------------------------------

was (Author: jacques.le.roux):
Due to INFRA-22843 the trunk commit is in OFBIZ-12587, I don't copy it here :/

> Prevent Freemarker interpolation in fields
> ------------------------------------------
>
>                 Key: OFBIZ-12594
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12594
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ALL APPLICATIONS, ALL PLUGINS
>    Affects Versions: 18.12.06, 22.01.01
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>
> OFBIZ-12587 is a definitive solution to prevent any kind of Freemarker 
> exploits. But it's hard to realise because OFBiz exposes objects, like 
> attributes from the Servlet scopes. So in the meantime preventing Freemarker 
> interpolation in fields is a pragmatic solution.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
