[jira] [Comment Edited] (OFBIZ-13158) [SECURITY] (CVE-2024-47208) Update method to check if the string starts with component:// instead of merely containing it

[Jacques Le Roux (Jira)]

    [ 
https://issues.apache.org/jira/browse/OFBIZ-13158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17899698#comment-17899698
 ] 

Jacques Le Roux edited comment on OFBIZ-13158 at 11/20/24 9:23 AM:
-------------------------------------------------------------------

Thanks Danny,

You are right, fortunately that's not a commit message and all can be amended :)

BTW I add here the link to 
https://github.com/apache/ofbiz-framework/commit/efb43da46a part of OFBIZ-13160 
method name improvement only on trunk


was (Author: jacques.le.roux):
Thanks Danny,

You are right, fortunately that's not a commit message and all can be amended :)

BTW I add here the link to 
[https://github.com/apache/ofbiz-framework/commit/efb43da46a] part of 
OFBIZ-13160

>  [SECURITY] (CVE-2024-47208) Update method to check if the string starts with 
> component:// instead of merely containing it
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-13158
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-13158
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework/base
>    Affects Versions: 18.12.16
>            Reporter: Jacques Le Roux
>            Assignee: Deepak Dixit
>            Priority: Major
>             Fix For: 18.12.17
>
>
> To work the component protocol must be placed at start of URL



--
This message was sent by Atlassian Jira
(v8.20.10#820010)