Sorry, forgot to mention that there are also no functional changes: tabs
changed to spaces and trailing spaces removed.
On 26/05/2023 at 10:49, jler...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push:
new ac554c3 Fixed: fixes a documentation link
ac554c3 is described below
commit ac554c35de0a322a50717cb67525f3f023815a1c
Author: Jacques Le Roux
AuthorDate: Fri May 26 10:49:56 2023 +0200
Fixed: fixes a documentation link
The "we highly suggest to OFBiz users to not use credentials demo in production"
link
---
security.html | 46 +-
template/page/security.tpl.php | 18 -
2 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/security.html b/security.html
index d2abe77..eb9778a 100644
--- a/security.html
+++ b/security.html
@@ -82,7 +82,7 @@
Community
-Getting Involved
+Getting Involved
Mailing Lists
Source
Repository
Downloads
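Review bot: The "Getting Involved" -/+ pair in this hunk differs only in whitespace, which is unrelated to the link fix named in the commit subject. Please move the tab-to-space and trailing-space cleanup into its own commit, so that the one href that actually changes stands out; as it is, the stat shows 32 insertions and 32 deletions for a single-link fix.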
@@ -91,18 +91,18 @@
Demos
-
- twitter
-
- linkedin
- facebook
- Youtube
-
+
+twitter
+
+ linkedin
+ facebook
+ Youtube
+
@@ -130,23 +130,23 @@
Security Vulnerabilities
Please see the https://www.apache.org/security";
target="external">ASF Security Team webpage for further information about reporting a security
vulnerability as well as their contact information.
-
+
We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
secur...@ofbiz.apache.org or secur...@apache.org),
before disclosing them in a public forum. Please don't pack several
vulnerabilities in the same report, send them one by one, thanks in
advance.
-
-Note that we no longer create CVEs for post-auth attacks done
using demo credentials, notably using the admin user.
+
+Note that we no longer create CVEs for post-auth attacks done
using demo credentials, notably using the admin user.
https://s.apache.org/dsj2p";> Rather create bugs reports in our issue tracker (Jira) for
that. Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in
advance.
-
-One of the reason we no longer create CVEs for post-auth
attacks done using demo credentials is because
-https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security";
target="external"> we highly suggest to OFBiz users to not use credentials demo in
production
+
+One of the reason we no longer create CVEs for post-auth
attacks done using demo credentials is because
+https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security";
target="external"> we highly suggest to OFBiz users to not use credentials demo in
production
and we expect OFBiz users to do so.
-https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure";
target="external"> We also warn our users on the "Keeping OFBiz secure wiki page".
+https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure";
target="external"> We also warn our users on the "Keeping OFBiz secure wiki page".
And finally, mostly we reject post-auth vulnerabilities because we have
a solid CSRF defense.
-
+
List of Known Vulnerabilities
- CVE-2022-47501; affected releases before 18.12.07; fixed in 18.12.07 with commit https://github.com/apache/ofbiz-plugins/commit/582add7d3"; target="external">582add7d3
+ CVE-2022-47501; affected releases before 18.12.07; fixed in 18.12.07 with commit https://github.com/apache/ofbiz-plugins/commit/582add7d3"; target="external">582add7d3
CVE-2022-25813;
affected releases before 18.12.06; fixed in 18.12.06 with commits https://github.com/apache/ofbiz-framework/commit/843b1c7e71"; target="external">843b1c7e71, https://github.com/apache/ofbiz-framework/commit/3797e60375"; target="external">3797e60375, https://github.com/apache/ofbiz-framework/commit/b24dcff344";
[...]
CVE-2022-29063; affected releases before 18.12.06; fixed in 18.12.06 with commit https://github.com/apache/ofbiz-plugins/commit/061252a80"; target="external">061252a80
CVE-2022-29158; affected releases before 18.12.06; fixed in 18.12.06 with commit https://github.com/apache/ofbiz-framewo
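Review bot: The corrected href on the "we highly suggest to OFBiz users to not use credentials demo in production" link still points into the trunk nightlies tree (now /ofbiz/trunk/readme/html5/README.html#security), so it depends on the nightly README build keeping that file name and can go stale again, as the old /html5/#security form did. Consider linking to a location that stays stable across builds, or checking this URL when the site is published, since this paragraph is where the policy on demo credentials is justified. As the surrounding lines are re-emitted anyway, "One of the reason" could become "One of the reasons" and "credentials demo" could become "demo credentials".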