[ https://issues.apache.org/jira/browse/OFBIZ-13162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17901109#comment-17901109 ]
ASF subversion and git services commented on OFBIZ-13162:
---------------------------------------------------------
Commit 578cb539d84f3a0efbe7945160849c39c424c5d8 in ofbiz-framework's branch
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=578cb539d8 ]
Improved: Prevent URL parameters manipulation (OFBIZ-13147)
Reverts the revert in OFBIZ-13162
Adds a @SuppressWarnings("unused") to MacroFormRenderer::executeMacro
> [SECURITY] (CVE-2024-48962) Enhance Parameter Encoding in MacroMenuRenderer
> ----------------------------------------------------------------------------
>
> Key: OFBIZ-13162
> URL: https://issues.apache.org/jira/browse/OFBIZ-13162
> Project: OFBiz
> Issue Type: Sub-task
> Reporter: Deepak Dixit
> Assignee: Deepak Dixit
> Priority: Major
> Fix For: 18.12.17
>
>
> {{MacroMenuRenderer}} should utilize {{UtilCodec.SimpleEncoder}} to encode
> parameter values when available.