The GitHub Actions job "CodeQL" on ofbiz-framework.git has failed.
Run started by GitHub user asfgit (triggered by asfgit).

Head commit for run:
2026c88e91ca0f6a7d4adb18a78e9593a897f099 / Jacques Le Roux 
<[email protected]>
Fixed: [codeQL] Resolving specific Java issues (OFBIZ-12925)

This concerns a possible server-side request forgery reported by CodeQL
<<To fix the SSRF vulnerability, we need to ensure that the URL being used in
the readXmlDocument method is validated and restricted to a set of allowed URLs
or domains. This can be achieved by maintaining a whitelist of allowed URLs or
domains and checking the user-provided URL against this list before proceeding
with the request.>>

Fortunately we already have and can use the host-headers-allowed property in
security.properties. Here is the fix.

While at it, it improves RequestHandler by setting HOSTHEADERSALLOWED as static.

Report URL: https://github.com/apache/ofbiz-framework/actions/runs/13493783973

With regards,
GitHub Actions via GitBox
