CVE-2024-25065: Apache OFBiz: Path traversal allowing authentication bypass.

2024-02-28 Thread Jacques Le Roux
Severity: critical

Affected versions:

- Apache OFBiz before 18.12.12

Description:

Possible path traversal in Apache OFBiz allowing authentication bypass.
Users are recommended to upgrade to version 18.12.12, which fixes the issue.

Credit:

YunPeng - 郭 运鹏  (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-18.12.12.html
https://issues.apache.org/jira/browse/OFBIZ-12887
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-25065



CVE-2023-46819: Apache OFBiz: Execution of Solr plugin queries without authentication

2023-11-07 Thread Jacques Le Roux
Severity: moderate

Affected versions:

- Apache OFBiz before 18.12.09

Description:

Missing Authentication in Apache Software Foundation Apache OFBiz when using
the Solr plugin.
This issue affects Apache OFBiz: before 18.12.09.

Users are recommended to upgrade to version 18.12.09.

Credit:

Anonymous by demand (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-18.12.09.html
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-46819



CVE-2023-51467: Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability

2023-12-26 Thread Deepak Dixit
Severity: critical

Affected versions:

- Apache OFBiz before 18.12.11

Description:

The vulnerability allows attackers to bypass authentication to achieve a simple
Server-Side Request Forgery (SSRF).

This issue is being tracked as OFBIZ-12873.

Credit:

Hasib Vhora, Senior Threat Researcher, SonicWall  (finder)
Gao Tian (finder)
L0ne1y (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-18.12.11.html
https://issues.apache.org/jira/browse/OFBIZ-12873
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-51467



[ANNOUNCE] Apache OFBiz 18.12.05 released

2022-01-04 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.05".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.05" is the fifth release of the 18.12 series.

For details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.05.html

The history of security related fixes included in each release is
available here:
https://ofbiz.apache.org/security.html

The release files can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


[ANNOUNCE] Apache OFBiz 18.12.09 released

2023-11-05 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.09".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.09" is the ninth release of the 18.12 series.

For details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.09.html

The history of security related fixes included in each release is
available here:
https://ofbiz.apache.org/security.html

The release files can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


[ANNOUNCE] Apache OFBiz 18.12.10 released

2023-12-04 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.10".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.10" is the tenth release of the 18.12 series.

For details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.10.html

The history of security related fixes included in each release is
available here:
https://ofbiz.apache.org/security.html

The release files can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


CVE-2023-49070: Pre-auth RCE in Apache OFBiz 18.12.09 due to XML-RPC still present

2023-12-05 Thread Jacques Le Roux
Severity: moderate

Affected versions:

- Apache OFBiz before 18.12.10

Description:

Pre-auth RCE in Apache OFBiz 18.12.09.

It is due to XML-RPC, which is no longer maintained, still being present.
This issue affects Apache OFBiz: before 18.12.10.
Users are recommended to upgrade to version 18.12.10.

This issue is being tracked as OFBIZ-12812.

Credit:

Siebene@ (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-18.12.10.html
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-49070
https://issues.apache.org/jira/browse/OFBIZ-12812



[ANNOUNCE] Apache OFBiz 18.12.11 released

2023-12-22 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.11".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.11" is the eleventh release of the 18.12 series.

For details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.11.html

The history of security related fixes included in each release is
available here:
https://ofbiz.apache.org/security.html

The release files can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


CVE-2023-50968: Apache OFBiz: Arbitrary file properties reading and SSRF attack

2023-12-26 Thread Nicolas Malin
Severity: important

Affected versions:

- Apache OFBiz through 18.12.10

Description:

Arbitrary file properties reading vulnerability in Apache Software Foundation
Apache OFBiz when a user operates a URI call without authorization.

The same URI can also be operated to realize an SSRF attack without
authorization.

Users are recommended to upgrade to version 18.12.11, which fixes this issue.

Credit:

Yun Peng - 郭 运鹏  (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-18.12.11.html
https://issues.apache.org/jira/browse/OFBIZ-12875
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-50968



[ANNOUNCE] Apache OFBiz 18.12.13 released

2024-05-07 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.13".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.13" is the 13th release of the 18.12 series.

For details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.13.html

The history of security related fixes included in each release is
available here:
https://ofbiz.apache.org/security.html

The release files can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


[ANNOUNCE] Apache OFBiz 18.12.14 released

2024-05-31 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.14".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.14" is the 14th release of the 18.12 series.

For details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.14.html

The history of security related fixes included in each release is
available here:
https://ofbiz.apache.org/security.html

The release files can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


[ANNOUNCE] Apache OFBiz 18.12.06 released

2022-09-01 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.06".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.06" is the sixth and final release of the 18.12 series.

For details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.06.html

The history of security related fixes included in each release is
available here:
https://ofbiz.apache.org/security.html

The release files can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


[ANNOUNCE] Apache OFBiz 18.12.07 released

2023-04-10 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.07".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.07" is the seventh and final release of the 18.12 series.

For details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.07.html

The history of security related fixes included in each release is
available here:
https://ofbiz.apache.org/security.html

The release files can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


[ANNOUNCE] Apache OFBiz 18.12.08 released

2023-06-01 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.08".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.08" is the eighth and final release of the 18.12 series.

For details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.08.html

The history of security related fixes included in each release is
available here:
https://ofbiz.apache.org/security.html

The release files can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


[ANNOUNCE] Apache OFBiz 18.12.12 released

2024-02-28 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.12".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.12" is the twelfth release of the 18.12 series.

For details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.12.html

The history of security related fixes included in each release is
available here:
https://ofbiz.apache.org/security.html

The release files can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


[ANNOUNCE] Apache OFBiz 18.12.15 released

2024-08-03 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.15".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.15" is the 15th release of the 18.12 series.

For details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.15.html

The history of security related fixes included in each release is
available here:
https://ofbiz.apache.org/security.html

The release files can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability

2023-04-10 Thread Jacques Le Roux
Severity: important

Description:

Arbitrary file reading vulnerability in Apache Software Foundation Apache
OFBiz. This issue affects Apache OFBiz: before 18.12.07.

Required Configurations:

Using the Solr plugin

Solution:

Upgrade to release 18.12.07

Credit:

Skay  (finder)

References:

https://lists.apache.org/list.html?announce@apache.org
https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-47501



[ANNOUNCE] Apache OFBiz 13.07.03 released

2016-04-05 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 13.07.03".

Apache OFBiz™ is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 13.07.03" is a bug fix release for the 13.07 series; all
users of "Apache OFBiz 13.07.02" and "Apache OFBiz 13.07.01" are encouraged
to upgrade to this latest release because the new release contains several
improvements and bug fixes, including fixes for the following
vulnerabilities:

CVE-2015-3268 - Information disclosure vulnerability
CVE-2016-2170 - Java deserialization vulnerability

Release notes are available here:

http://ofbiz.apache.org/release-notes-13.07.03.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html
http://ofbiz.apache.org/download.html#vulnerabilities

The OFBiz Team.


[ANNOUNCE] Apache OFBiz 18.12.02 released

2021-11-24 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.02".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.02" is the second release of the 18.12 series.

For more details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.02.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


CVE-2024-32113: Apache OFBiz: Path traversal leading to RCE

2024-05-08 Thread Jacques Le Roux
Severity: important

Affected versions:

- Apache OFBiz before 18.12.13

Description:

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13.

Users are recommended to upgrade to version 18.12.13, which fixes the issue.

Credit:

Qiyi Zhang (RacerZ) @secsys from Fudan (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://issues.apache.org/jira/browse/OFBIZ-13006
https://lists.apache.org/thread/np8vgzr06z6cwm3tz7cs3609bdrj8526
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-32113



CVE-2024-36104: Apache OFBiz: Path traversal leading to a RCE

2024-06-02 Thread Jacques Le Roux
Severity: important

Affected versions:

- Apache OFBiz before 18.12.14

Description:

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 
vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14.

Users are recommended to upgrade to version 18.12.14, which fixes the issue.

Credit:

godspeed (AAA@ZJU) (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://issues.apache.org/jira/browse/OFBIZ-13092
https://lists.apache.org/thread/sv0xr8b1j7mmh5p37yldy9vmnzbodz2o
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-36104



[ANNOUNCE] Apache OFBiz 16.11.02 released

2017-05-24 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 16.11.02".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 16.11.02" is the latest and greatest release of OFBiz; for
more details of the changes introduced with this new version please refer
to http://ofbiz.apache.org/release-notes-16.11.02.html.

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.


[ANNOUNCE] Apache OFBiz 16.11.03 released

2017-07-03 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 16.11.03".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 16.11.03" is the latest and greatest release of OFBiz; for
more details of the changes introduced with this new version please refer
to http://ofbiz.apache.org/release-notes-16.11.03.html.

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.


[ANNOUNCE] Apache OFBiz 16.11.04 released

2018-01-03 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 16.11.04".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 16.11.04" is the latest and greatest release of OFBiz; for
more details of the changes introduced with this new version please refer
to http://ofbiz.apache.org/release-notes-16.11.04.html.

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.


[ANNOUNCE] Apache OFBiz 16.11.05 released

2018-10-05 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 16.11.05".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 16.11.05" is the latest and greatest release of OFBiz; for
more details of the changes introduced with this new version please refer
to http://ofbiz.apache.org/release-notes-16.11.05.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.


[ANNOUNCE] Apache OFBiz 16.11.06 released

2019-09-11 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 16.11.06".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 16.11.06" is the latest and greatest release of OFBiz; for
more details of the changes introduced with this new version please refer
to http://ofbiz.apache.org/release-notes-16.11.06.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.


[ANNOUNCE] Apache OFBiz 17.12.04 release

2020-07-15 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 17.12.04".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 17.12.04" is the fourth release of the 17.12 series; for more
details of the changes introduced with this new version please refer to
http://ofbiz.apache.org/release-notes-17.12.04.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.


[ANNOUNCE] Apache OFBiz 18.12.01 released

2021-10-29 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.01".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.01" is the first release of the 18.12 series.

For more details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.01.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.



[ANNOUNCE] Apache OFBiz 18.12.03 released

2021-12-13 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.03".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.03" is the third release of the 18.12 series.

For more details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.03.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


[ANNOUNCE] Apache OFBiz 18.12.04 released

2021-12-20 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.04".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.04" is the fourth release of the 18.12 series.

For details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.04.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html


[ANNOUNCE] Apache OFBiz 12.04.06 released

2016-04-05 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 12.04.06".

Apache OFBiz™ is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 12.04.06" is a bug fix release for the 12.04 series; all
users of Apache OFBiz 12.04.* series are encouraged to upgrade to this
latest release because the new release contains several improvements and
bug fixes, including fixes for the following vulnerabilities:

CVE-2015-3268 - Information disclosure vulnerability
CVE-2016-2170 - Java deserialization vulnerability

For remediation steps please refer to:
https://cwiki.apache.org/confluence/x/ePmnAw

Release notes are available here:

http://ofbiz.apache.org/release-notes-12.04.06.html

Note: this is the last release of the 12.04 series so please consider to
upgrade to the 13.07 series.

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html
http://ofbiz.apache.org/download.html#vulnerabilities

The OFBiz Team.


[ANNOUNCE] Apache OFBiz 16.11.07 released

2020-02-06 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 16.11.07".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 16.11.07" is the latest release of OFBiz and it is probably
going to be the last one in the 16.11 series; for more details of the
changes introduced with this new version please refer to
http://ofbiz.apache.org/release-notes-16.11.07.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.


[ANNOUNCE] Apache OFBiz 17.12.01 release

2020-03-06 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 17.12.01".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 17.12.01" is the latest release of OFBiz and is the first of
the 17.12 series that supersedes the 16.11 release branch; for more details
of the changes introduced with this new version please refer to
http://ofbiz.apache.org/release-notes-17.12.01.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.


[ANNOUNCE] Apache OFBiz 12.04.04 released

2014-08-19 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
12.04.04".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 12.04.04" is a bug fix release for the 12.04 series; all users of 
previous releases are encouraged to upgrade to this latest release because it 
contains several bug fixes including fixes for the following security 
vulnerability:

http://ofbiz.apache.org/download.html#vulnerabilities

The release file can be downloaded following the instructions in the OFBiz 
download page :

http://ofbiz.apache.org/download.html

The OFBiz Team.




[ANNOUNCE] Apache OFBiz 17.12.03 release

2020-04-30 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 17.12.03".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 17.12.03" is the third release of the 17.12 series (the
release 17.12.02 was never announced because it had a build issue); for
more details of the changes introduced with this new version please refer
to http://ofbiz.apache.org/release-notes-17.12.03.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.


[ANNOUNCE] Apache OFBiz 10.04.02 released

2012-04-15 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the release "Apache OFBiz 
10.04.02".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 10.04.02" is a bug fix release for the 10.04 series; all users of 
"Apache OFBiz 10.04" (also known as "Apache OFBiz 10.04.01") are encouraged to 
upgrade to this latest release because the new release contains several bug 
fixes including fixes for the following security vulnerabilities:

http://ofbiz.apache.org/download.html#vulnerabilities

The release file can be downloaded following the instructions in the OFBiz 
download page :

http://ofbiz.apache.org/download.html

The OFBiz Team.



[ANNOUNCE] Apache OFBiz 10.04.05 released

2013-01-18 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
10.04.05".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 10.04.05" is a bug fix release for the 10.04 series; all users of 
"Apache OFBiz 10.04.x"  releases are encouraged to upgrade to this latest 
release because the new release contains bug fixes including fixes for a 
security vulnerability (CVE-2013-0177):

http://ofbiz.apache.org/download.html#vulnerabilities

The release file can be downloaded following the instructions in the OFBiz 
download page :

http://ofbiz.apache.org/download.html

The OFBiz Team.



[ANNOUNCE] Apache OFBiz 11.04.02 released

2013-01-18 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
11.04.02".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 11.04.02" is a bug fix release for the 11.04 series; all users of 
"Apache OFBiz 11.04.01"  release are encouraged to upgrade to this latest 
release because the new release contains bug fixes including fixes for a 
security vulnerability (CVE-2013-0177):

http://ofbiz.apache.org/download.html#vulnerabilities

The release file can be downloaded following the instructions in the OFBiz 
download page :

http://ofbiz.apache.org/download.html

The OFBiz Team.



[ANNOUNCE] Apache OFBiz 17.12.05 released

2021-01-12 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 17.12.05".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 17.12.05" is the fifth release of the 17.12 series and
probably the last release in this series; in the future, releases will
be published from the newer series, which is 18.12.

For more details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-17.12.05.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.


[ANNOUNCE] Apache OFBiz 17.12.06 released

2021-03-21 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 17.12.06".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 17.12.06" is the sixth release of the 17.12 series and
probably the last release in this series; in the future, releases will
be published from the newer series, which is 18.12.

For more details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-17.12.06.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.


[ANNOUNCE] Apache OFBiz 17.12.07 released

2021-04-27 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 17.12.07".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 17.12.07" is the seventh release of the 17.12 series and
probably the last release in this series; in the future, releases will
be published from the newer series, which is 18.12.

For more details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-17.12.07.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.


[ANNOUNCE] Apache OFBiz 17.12.08 released

2021-08-11 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 17.12.08".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 17.12.08" is the eighth release of the 17.12 series and
probably the last release in this series; in the future, releases will
be published from the newer series, which is 18.12.

For more details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-17.12.08.html

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html

The OFBiz community.


[ANNOUNCE] Apache OFBiz 16.11.01 released

2016-11-28 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 16.11.01".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 16.11.01" is the latest and greatest release of OFBiz. The
highlights of this release include:

* Switch of the build system to Gradle
* Removal of all libraries from OFBiz
* Introduction of a plugin management system
* Introduction of a unit testing framework
* Conversion of all namespaces to org.apache.ofbiz
* Inclusion of all "specialpurpose" components
* Refactoring of source file layouts to be more compliant with project
standards https://cwiki.apache.org/confluence/x/C4B2
* Simplification of the code base by leveraging various framework tools
(e.g. "entity-auto" services)
* Numerous features, bug fixes and refactoring of the code base.

For more details please refer to the release notes,
http://ofbiz.apache.org/release-notes-16.11.01.html .

All users of previous releases including:

* Apache OFBiz 13.07.*
* Apache OFBiz 12.04.*
* Apache OFBiz 11.04.*

are encouraged to upgrade to this last version and to get in touch with the
community (at u...@ofbiz.apache.org) to provide feedback or to receive help
in the upgrade.

The release file can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html
http://ofbiz.apache.org/download.html#vulnerabilities

*Special Dedication*

The 16.11 releases are all dedicated to the memory of OFBiz Committer and
ex-PMC member Adrian Crum. Adrian passed away on 1st January 2016 and his
loss is strongly felt. He was a valued member of the OFBiz community and
his legacy will live on in the OFBiz codebase and in the lives of everyone
he touched.

The OFBiz community.


[ANNOUNCE] Apache OFBiz 10.04.03 released

2012-10-19 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
10.04.03".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 10.04.03" is a bug fix release for the 10.04 series; all users of 
"Apache OFBiz 10.04.02" and of "Apache OFBiz 10.04" (also known as "Apache 
OFBiz 10.04.01") are encouraged to upgrade to this latest release because the 
new release contains several bug fixes including fixes for the following 
security vulnerabilities:

http://ofbiz.apache.org/download.html#vulnerabilities

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.


[ANNOUNCE] Apache OFBiz 11.04.05 released

2014-08-19 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
11.04.05".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 11.04.05" is a bug fix release for the 11.04 series; all users of 
previous releases are encouraged to upgrade to this latest release (or migrate 
to the 12.04 series) because it contains several bug fixes including fixes for 
the following security vulnerability:

http://ofbiz.apache.org/download.html#vulnerabilities

This release may be the last one in this series: start planning to migrate to 
the 12.04 series.

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.


[ANNOUNCE] Apache OFBiz 10.04.06 released

2013-07-20 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
10.04.06".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 10.04.06" is the last bug fix release for the 10.04 series; all 
users of "Apache OFBiz 10.04.*" releases are encouraged to upgrade to this 
latest release because the new release contains several bug fixes including 
fixes for the following security vulnerabilities: 

CVE-2013-2137 - XSS vulnerability in the "View Log" screen of the OFBiz 
Webtools application
CVE-2013-2250 - Nested expression evaluation allows remote users to execute 
arbitrary UEL functions in OFBiz

See also:

http://ofbiz.apache.org/download.html#vulnerabilities

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.


[ANNOUNCE] Apache OFBiz 12.04.02 released

2013-07-20 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
12.04.02".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 12.04.02" is a bug fix release for the 12.04 series; all users of 
"Apache OFBiz 12.04.01" release are encouraged to upgrade to this latest 
release because the new release contains several bug fixes including fixes for 
the following security vulnerabilities: 

CVE-2013-2137 - XSS vulnerability in the "View Log" screen of the OFBiz 
Webtools application
CVE-2013-2250 - Nested expression evaluation allows remote users to execute 
arbitrary UEL functions in OFBiz

See also:

http://ofbiz.apache.org/download.html#vulnerabilities

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.


[ANNOUNCE] Apache OFBiz 11.04.03 released

2013-07-20 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
11.04.03".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 11.04.03" is a bug fix release for the 11.04 series; all users of 
"Apache OFBiz 11.04.*" releases are encouraged to upgrade to this latest 
release because the new release contains several bug fixes including fixes for 
the following security vulnerabilities: 

CVE-2013-2137 - XSS vulnerability in the "View Log" screen of the OFBiz 
Webtools application
CVE-2013-2250 - Nested expression evaluation allows remote users to execute 
arbitrary UEL functions in OFBiz

See also:

http://ofbiz.apache.org/download.html#vulnerabilities

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.


[ANNOUNCE] Apache OFBiz 13.07.02 released

2015-05-24 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
13.07.02".

Apache OFBiz™ is an open source product for the automation of enterprise 
processes that includes framework components and business applications for ERP 
(Enterprise Resource Planning), CRM (Customer Relationship Management), 
E-Business / E-Commerce, SCM (Supply Chain Management), MRP (Manufacturing 
Resource Planning), MMS/EAM (Maintenance Management System/Enterprise Asset 
Management), POS (Point Of Sale).

http://ofbiz.apache.org/

"Apache OFBiz 13.07.02" is a bug fix release for the 13.07 series; all users of 
"Apache OFBiz 13.07.01" are encouraged to upgrade to this latest release 
because the new release contains several bug fixes and improvements; release 
notes are available here:

http://ofbiz.apache.org/release-notes-13.07.02.html

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.


CVE-2024-38856: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code

2024-08-04 Thread Jacques Le Roux
Severity: important

Affected versions:

- Apache OFBiz through 18.12.14

Description:

Incorrect Authorization vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: through 18.12.14.

Users are recommended to upgrade to version 18.12.15, which fixes the issue.

Unauthenticated endpoints could allow execution of screen rendering code of 
screens if some preconditions are met (such as when the screen definitions 
don't explicitly check user's permissions because they rely on the 
configuration of their endpoints).

This issue is being tracked as OFBIZ-13128 

Credit:

unam4 (finder)
ruozhi (finder)
m1sn0w (finder)
kuiplatain (finder)
PaperPen@Timeline Sec (finder)
RacerZ (finder)
e0mlja (finder)
Donghyun (finder)
4ra1n (finder)
godspeed (finder)
Hasib Vhora (finder)
pwnull (finder)
blckder02-YHLab (finder)
Xenc from SGLAB of Legendsec at Qi'anxin Group (finder)
Nicholas Zubrisky (finder)
Y4tacker (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-38856
https://issues.apache.org/jira/browse/OFBIZ-13128



[ANNOUNCE] Apache OFBiz 11.04.04 released

2014-02-19 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
11.04.04".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 11.04.04" is a bug fix release for the 11.04 series; all users of 
11.04.x releases are encouraged to upgrade to this latest release because the 
new release contains several bug fixes.

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.


[ANNOUNCE] Apache OFBiz 12.04.03 released

2014-06-18 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
12.04.03".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 12.04.03" is a bug fix release for the 12.04 series; all users of 
"Apache OFBiz 12.04.02" are encouraged to upgrade to this latest release 
because the new release contains several bug fixes.

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.


[ANNOUNCE] Apache OFBiz 09.04.02 released

2012-02-26 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the release "Apache OFBiz 
09.04.02".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 09.04.02" is a bug fix release for the 09.04 series; all users of 
"Apache OFBiz 09.04" or "Apache OFBiz 09.04.01" are encouraged to upgrade to 
this latest release while users of "Apache OFBiz 10.04" can safely ignore it.

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

Kind regards,

Jacopo Cappellato



[ANNOUNCE] Apache OFBiz 12.04.01 released

2013-04-02 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
12.04.01".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 12.04.01" is the first release of the 12.04 series and contains
all the features of the trunk up to April 2012 and has since been
stabilized with bug fixes. It is the current stable OFBiz release, and users of
the 11.04 series are encouraged to migrate to it in order to get all the new
features implemented between April 2011 and April 2012.

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.



[ANNOUNCE] Apache OFBiz 11.04.01 released

2012-11-18 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
11.04.01".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...).

"Apache OFBiz 11.04.01" is the first release of the 11.04 series and contains
all the features of the trunk up to April 2011 and has since been
stabilized with bug fixes. It is the current stable OFBiz release, and users of
the 10.04 series are encouraged to migrate to it in order to get all the new
features implemented between April 2010 and April 2011; see details on the OFBiz
website:

http://ofbiz.apache.org/

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.



[ANNOUNCE] Apache OFBiz 11.04.06 released

2014-09-10 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
11.04.06".

Apache OFBiz™ is an open source product for the automation of enterprise 
processes that includes framework components and business applications for ERP 
(Enterprise Resource Planning), CRM (Customer Relationship Management), 
E-Business / E-Commerce, SCM (Supply Chain Management), MRP (Manufacturing 
Resource Planning), MMS/EAM (Maintenance Management System/Enterprise Asset 
Management), POS (Point Of Sale).

http://ofbiz.apache.org/

"Apache OFBiz 11.04.06" is a bug fix release for the 11.04 series; all users of 
previous releases are encouraged to upgrade to this latest release (or migrate 
to the 12.04 series).

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.


[ANNOUNCE] Apache OFBiz 12.04.05 released

2014-09-10 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
12.04.05".

Apache OFBiz™ is an open source product for the automation of enterprise 
processes that includes framework components and business applications for ERP 
(Enterprise Resource Planning), CRM (Customer Relationship Management), 
E-Business / E-Commerce, SCM (Supply Chain Management), MRP (Manufacturing 
Resource Planning), MMS/EAM (Maintenance Management System/Enterprise Asset 
Management), POS (Point Of Sale).

http://ofbiz.apache.org/

"Apache OFBiz 12.04.05" is a bug fix release for the 12.04 series; all users of 
previous releases are encouraged to upgrade to this latest release.

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.


[ANNOUNCE] Apache OFBiz 13.07.01 released

2014-10-07 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the release of "Apache OFBiz 
13.07.01".

Apache OFBiz™ is an open source product for the automation of enterprise 
processes that includes framework components and business applications:

http://ofbiz.apache.org/

"Apache OFBiz 13.07.01" is the first release of the 13.07 series, which has been
stabilized with bug fixes since July 2013.

This is the OFBiz current stable release and users of the previous releases are 
encouraged to migrate to it in order to get all the new features: the Release 
Notes can be found here: 
http://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310500&version=12327355

The release files can be downloaded from the OFBiz download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.



[ANNOUNCE] Apache OFBiz 10.04.04 released

2012-11-14 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 
10.04.04".

Apache OFBiz is an open source enterprise automation software project (ERP, 
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 10.04.04" is a bug fix release for the 10.04 series; all users of 
"Apache OFBiz 10.04.03", "Apache OFBiz 10.04.02" and of "Apache OFBiz 10.04" 
(also known as "Apache OFBiz 10.04.01") and all users of the 09.04 series are 
encouraged to upgrade to this latest release because the new release is bundled 
with an updated release of Tomcat containing some fixes for vulnerabilities 
recently announced by the Tomcat community.

The release file can be downloaded following the instructions in the OFBiz 
download page:

http://ofbiz.apache.org/download.html

The OFBiz Team.



[CVE-2020-1943] Apache OFBiz XSS Vulnerability

2020-03-06 Thread Jacopo Cappellato
Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 16.11.01 to 16.11.07

Description:
Data sent with "contentId" to "/control/stream" is not sanitized, allowing
XSS attacks.

Mitigation:
Upgrade to 17.12.01 or manually apply the commits at OFBIZ-10753


Credit:
Timon Funck 

References:
http://ofbiz.apache.org/download.html#vulnerabilities


[CVE-2019-12425] Apache OFBiz Host Header Injection

2020-04-30 Thread jler...@apache.org

Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 17.12.01

Description:
Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts

Mitigation:
Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583


Credit:
Pradeep Jairamani 

References:
https://ofbiz.apache.org/security.html



[CVE-2020-13923] IDOR in Apache OFBiz

2020-07-15 Thread jler...@apache.org

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
All versions < 17.12.04

Description:
IDOR vulnerability in the order processing feature from ecommerce component.

Mitigation:
Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11836


Credit:
Harshit Shukla 

References:
https://ofbiz.apache.org/security.html



Placement of ApacheCon events on LinkedIn

2012-08-06 Thread Pierre Smits
Hi Sally,

Could you check with Aram Mizradeh if he has been able to post the
events (ApacheCon EU 2012 and ApacheCon NA 2013) on the event calendar of
LinkedIn?

Regards,

Pierre Smits

ApacheCon EU 2012 <http://www.apachecon.eu> - Sinsheim, Germany
Apache OFBiz <http://ofbiz.apache.org>


[SECURITY] CVE-2019-12426 information disclosure vulnerability in Apache OFBiz

2020-02-06 Thread Jacopo Cappellato
Severity:
Minor

Vendor:
The Apache Software Foundation

Versions Affected:
Apache OFBiz 16.11.01 to 16.11.06

Description:
An unauthenticated user could get access to information of some backend
screens by invoking setSessionLocale.

Mitigation:
Upgrade to 16.11.07

Credit:
This issue was discovered by Dennis Balkir.

References:
http://ofbiz.apache.org/security.html


[CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication

2020-07-15 Thread jler...@apache.org

Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 17.12.03

Description:
Apache OFBiz XML-RPC requests are vulnerable to unsafe deserialization and
Cross-Site Scripting issues.

Mitigation:
Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11716


Credit:
Alvaro Munoz from  GitHub Security Lab team 

References:
https://ofbiz.apache.org/security.html



[CVE-2021-37608] Arbitrary file upload vulnerability in OFBiz

2021-08-11 Thread jler...@apache.org

Severity:
High, possible RCE

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 17.12.08

Description:
Apache OFBiz has unsafe deserialization prior to version 17.12.08.

Mitigation:
Upgrade to at least 17.12.08
or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297

Credit:
Zhujie from galaxylab 

References:
http://ofbiz.apache.org/download.html#vulnerabilities



[CVE-2021-30128] Unsafe deserialization in OFBiz

2021-04-27 Thread jler...@apache.org

Severity:
High, possible RCE

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 17.12.07

Description:
Apache OFBiz has unsafe deserialization prior to version 17.12.07.

Mitigation:
Upgrade to at least 17.12.07
or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12212 & 
OFBIZ-12221

Credit:
Litch1 from the Security Team of Alibaba Cloud 

References:
http://ofbiz.apache.org/download.html#vulnerabilities



Re: Travel assistance for EU 2012

2012-08-02 Thread Pierre Smits
Nick,

Done.

Regards,

Pierre

On Thu, Aug 2, 2012 at 12:46 PM, Nick Burch  wrote:

>
> Could you send your suggested wording through to the Travel Assistance
> list? **. (While I'm on both lists, not all
> the TAC committee members are here so not all will see it)
>
> Cheers
> Nick
>



-- 
Pierre Smits

ApacheCon EU 2012 <http://www.apachecon.eu> - Sinsheim, Germany
Apache OFBiz <http://ofbiz.apache.org>


[SECURITY] CVE-2016-4462 OFBiz template remote code vulnerability

2016-11-29 Thread Jacopo Cappellato
Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 13.07.*
OFBiz 12.04.*
OFBiz 11.04.*

Description:
By manipulating the URL parameter externalLoginKey, a malicious, logged in
user could pass valid Freemarker directives to the Template Engine that are
reflected on the webpage; a specially crafted Freemarker template could be
used for remote code execution.

Mitigation:
Upgrade to 16.11.01

Credit: Rick Radewagen, ERNW GmbH

References:
http://ofbiz.apache.org/download.html#vulnerabilities


[CVE-2019-10073] Apache OFBiz XSS vulnerability in the "ecommerce" component

2019-09-11 Thread Jacopo Cappellato
Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 16.11.01 to 16.11.05

Description:
The "Blog", "Forum", "Contact Us" screens of the template "ecommerce"
application bundled in Apache OFBiz are weak to Stored XSS attacks.

Mitigation:
Upgrade to 16.11.06
or manually apply the following commits on branch 16.11:
1858438, 1858543, 1860595 and 1860616


Credit:
Vikash Patnaik 
Dinesh Kumar Mohanty 

References:
http://ofbiz.apache.org/download.html#vulnerabilities


Apache OFBiz - Unauth Stored XSS (CVE-2022-25370)

2022-09-02 Thread Jacques Le Roux

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 18.12.06

Description:
The Birt viewer version 4.5.0 has a security issue that allows this exploit.
We waited a long time for https://github.com/eclipse/birt/issues/625
to be resolved but eventually decided to release OFBiz 18.12.06 without
the Birt component.

Mitigation:
Upgrade to at least 18.12.06

Credit:
npodoty...@ptsecurity.com

References:
http://ofbiz.apache.org/download.html#vulnerabilities



[CVE-2019-0235] Apache OFBiz multiple CSRF vulnerabilities

2020-04-30 Thread jler...@apache.org

Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 17.12.01

Description:
Apache OFBiz is vulnerable to CSRF attacks

Mitigation:
Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470


Credit:
Initially known by the OFBiz security team (OFBIZ-10427),
also reported later by
Man Yue Mo via RT 
Shuibo Ye 
Vikash Patnaik 
Sonali Agrahari 
Girish Vasmatkar 
Dinesh Kumar Mohanty 
Jason Nordenstam 
Pradeep Jairamani 
Faiz Zaidi 

References:
https://ofbiz.apache.org/security.html



Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)

2022-09-08 Thread Jacques Le Roux

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 18.12.06

Description:
The Birt viewer version 4.5.0 has a security issue that allows this exploit.
We waited a long time for https://github.com/eclipse/birt/issues/625
to be resolved but eventually decided to release OFBiz 18.12.06 without
the Birt component.

Mitigation:
Upgrade to at least 18.12.06

Credit:
Positive Technologies

References:
http://ofbiz.apache.org/download.html#vulnerabilities



[ANNOUNCE] Apache OFBiz 17.12 End-Of-Life (EOL) announcement

2022-01-21 Thread jler...@apache.org

The Apache OFBiz Project Team would like to inform you that OFBiz 17.12.09
is the last release of the 17.12 branch, which has reached its end of life and
will no longer be officially supported.

https://ofbiz.apache.org/release-notes-17.12.09.html

This announcement takes place on 2022-01-21 and starting from today
we will only support Apache OFBiz 18.12.x in case of security
vulnerabilities.

Questions and Answers:

With the announcement of OFBiz 17.12.09 EOL, what happens to
OFBiz 17.12.09 resources?

All resources will stay where they are. The documentation will still
be accessible from the Apache OFBiz homepage[1], as well as the
downloads for last released OFBiz versions[2]. All of the OFBiz
17.12.09 source code can be found in the Apache OFBiz Git repository
under branch release17.12, now and in future. This concerns the
framework[3] and the plugins[4].

[1] [https://ofbiz.apache.org/]
[2] [https://downloads.apache.org/ofbiz]
[3] [https://github.com/apache/ofbiz-framework]
[4] [https://github.com/apache/ofbiz-plugins]

Is there an immediate need to upgrade from OFBiz 17.12.09 in my projects?

If you are using a release between 17.12.01 and 17.12.08 you should immediately
upgrade to 17.12.09, because there are several Log4j vulnerabilities present in all
OFBiz releases before 17.12.09.
As of today, there are no known vulnerabilities affecting OFBiz 17.12.09;
however, considering that 17.12.09 is the last release in this branch,
you should plan to migrate to the latest version of 18.12.x as soon as possible.

My friends / colleagues and I would like to see OFBiz 17.12.x being
maintained again. What can we do?

You may fork the existing source and support it on your own.

Kind regards
-
The Apache OFBiz Team



[ANNOUNCE] Apache OFBiz 18.12 End-Of-Life (EOL) announcement

2022-09-02 Thread Jacques Le Roux

The Apache OFBiz Project Team would like to inform you that OFBiz 18.12.06
is the last release of the 18.12 branch, which has reached its end of life and
will no longer be officially supported.

https://ofbiz.apache.org/release-notes-18.12.06.html

This announcement takes place on 2022-09-02 and starting from today
we will only support Apache OFBiz 18.12.06 in case of security
vulnerabilities.

Questions and Answers:

With the announcement of OFBiz 18.12.06 EOL, what happens to
OFBiz 18.12.06 resources?

All resources will stay where they are. The documentation will still
be accessible from the Apache OFBiz homepage[1], as well as the
downloads for last released OFBiz versions[2]. All of the OFBiz
18.12.06 source code can be found in the Apache OFBiz Git repository
under branch release18.12, now and in future. This concerns the
framework[3] and the plugins[4].

[1] https://ofbiz.apache.org/
[2] https://downloads.apache.org/ofbiz
[3] https://github.com/apache/ofbiz-framework
[4] https://github.com/apache/ofbiz-plugins

Is there an immediate need to upgrade from OFBiz 18.12.06 in my projects?

If you are using a release between 18.12.01 and 18.12.05 you should immediately
upgrade to 18.12.06, because there are several vulnerabilities present in all
OFBiz releases before 18.12.06.
As of today, there are no known vulnerabilities affecting OFBiz 18.12.06;
however, considering that 18.12.06 is the last release in this branch,
you should plan to migrate to 18.12.06 as soon as possible.

My friends / colleagues and I would like to see OFBiz 18.12.06 being
continuously maintained. What can we do?

You may fork the existing source and support it on your own.

Kind regards
-
The Apache OFBiz Team



Apache OFBiz - Java Deserialization via RMI Connection (CVE-2022-29063)

2022-09-02 Thread Jacques Le Roux

Severity:
Low (only on shared servers)

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 18.12.06

Description:
The OFBiz Solr plugin is configured by default to automatically make an
RMI request on localhost, port 1099. By hosting a malicious RMI server
on localhost, an attacker may exploit this behavior.

Mitigation:
Upgrade to at least 18.12.06
or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646

Credit:
Matei "Mal" Badanoiu

References:
http://ofbiz.apache.org/download.html#vulnerabilities



Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)

2022-09-02 Thread Jacques Le Roux

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 18.12.06

Description:
The Birt viewer version 4.5.0 has a security issue that allows this exploit.
We waited a long time for https://github.com/eclipse/birt/issues/625
to be resolved but eventually decided to release OFBiz 18.12.06 without
the Birt component.

Mitigation:
Upgrade to at least 18.12.06
or apply patches at https://issues.apache.org/jira/browse/OFBIZ-...

Credit:
npodoty...@ptsecurity.com

References:
http://ofbiz.apache.org/download.html#vulnerabilities



[CVE-2021-26295] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI

2021-03-21 Thread jler...@apache.org

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 17.12.06

Description:
Apache OFBiz has unsafe deserialization prior to 17.12.06.
An unauthenticated attacker can use this vulnerability to successfully take 
over Apache OFBiz.

Mitigation:
Upgrade to at least 17.12.06
or apply the patch at https://github.com/apache/ofbiz-framework/commit/af9ed4e/

Credit:
r00t4dm at Cloud-Penetrating Arrow Lab 
MagicZero from SGLAB of Legendsec at Qi'anxin Group.
Longofo at Knownsec 404 Team

References:
http://ofbiz.apache.org/download.html#vulnerabilities



[CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI

2021-04-27 Thread jler...@apache.org

Severity:
High, possible RCE

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 17.12.07

Description:
Apache OFBiz has unsafe deserialization prior to version 17.12.07.
An unauthenticated user can perform an RCE attack.

Mitigation:
Upgrade to at least 17.12.07
or apply one of the patches at https://issues.apache.org/jira/browse/OFBIZ-12216

Credit:
r00t4dm at Cloud-Penetrating Arrow Lab 
asd of MoyunSec V-Lab 
赖涵 <1044309...@qq.com>

References:
http://ofbiz.apache.org/download.html#vulnerabilities



Re: Access to proposals (was Re: To extend or not...)

2012-08-06 Thread Pierre Smits
From the OFBiz track perspective we need the same.

On Mon, Aug 6, 2012 at 3:49 PM, Donald Harbison wrote:
>
>
> From the OpenOffice project perspective, we very much need to understand
> who/what has been submitted. With this knowledge, we can more effectively
> make direct appeals to worthy members and participants and improve the
> overall quality of the track*before* the CFP system closes on August
> 13.
>
> In other words, we urgently need this capability.
>
>

-- 
Pierre Smits

ApacheCon EU 2012 <http://www.apachecon.eu> - Sinsheim, Germany
Apache OFBiz <http://ofbiz.apache.org>


[CVE-2019-10074] Apache OFBiz RCE (template injection)

2019-09-11 Thread Jacopo Cappellato
Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 16.11.01 to 16.11.05

Description:
An RCE is possible by entering Freemarker markup in an OFBiz Form Widget
textarea field when encoding has been disabled on such a field.  This was
the case for the Customer Request "story" input in the Order Manager
application.  Encoding should not be disabled without good reason and never
within a field that accepts user input.


Mitigation:
Upgrade to 16.11.06
or manually apply the following commit on branch 16.11:
r1858533


Credit:
Niels Heinen of the Google security team 

References:
http://ofbiz.apache.org/download.html#vulnerabilities


Subject: Apache OFBiz - Server-Side Template Injection (CVE-2022-25813)

2022-09-02 Thread Jacques Le Roux

Severity:
High (SSTI then possible RCE)

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 18.12.06

Description:
As an ecommerce anonymous client, an external attacker can insert malicious
content in a message "Subject" field from the "Contact us" page. Then a party
manager needs to list the communications in the party component to activate
the SSTI. An RCE is then possible.

Mitigation:
Upgrade to at least 18.12.06
or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12594

Credit:
Matei "Mal" Badanoiu

References:
http://ofbiz.apache.org/download.html#vulnerabilities



Re: ApacheCon EU 2012 event producer

2012-08-10 Thread Steve Holden
I believe that's Nick, as VP Conferences, unless he delegates that authority.

regards
 Steve

On Aug 9, 2012, at 11:49 PM, Pierre Smits wrote:

> Hi all,
> 
> Who is then the ASF representative who will be acting as the event
> producer?
> 
> Regards,
> 
> 
> Pierre Smits
> 
> ApacheCon EU 2012 <http://www.apachecon.eu> - Sinsheim, Germany
> Apache OFBiz <http://ofbiz.apache.org>

--
Steve Holden st...@holdenweb.com,  Holden Web, LLC http://holdenweb.com/
Python classes (and much more) through the web http://oreillyschool.com/
Conferences and technical event management at http://theopenbastion.com/
Next:   DjangoCon US Sep 6-8, Washington DC http://djangocon.us/





[CVE-2018-17200] Apache OFBiz unauthenticated remote code execution vulnerability in HttpEngine

2019-09-11 Thread Jacopo Cappellato
Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 16.11.01 to 16.11.05

Description:
The OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java)
handles requests for HTTP services via the /webtools/control/httpService
endpoint.  This service takes the `serviceContent` parameter in the request
and deserializes it using XStream. This `XStream` instance is slightly guarded
by disabling the creation of `ProcessBuilder`.  However, this can be easily
bypassed (and in multiple ways).

Mitigation:
Upgrade to 16.11.06
or manually apply the following commits on branch 16
r1850017+1850019


Credit:
Man Yue Mo of the Semmle Security Research Team
张剑 

References:
http://ofbiz.apache.org/download.html#vulnerabilities


[CVE-2013-2137] Apache OFBiz XSS vulnerability in the "View Log" screen of the Webtools application

2013-07-20 Thread Jacopo Cappellato
CVE-2013-2137 - Apache OFBiz XSS vulnerability in the "View Log" screen of the 
Webtools application

Vendor:
The Apache Software Foundation

Versions Affected:
Apache OFBiz 10.04.01 to 10.04.05
Apache OFBiz 11.04.01 to 11.04.02
Apache OFBiz 12.04.01

Description:

XSS vulnerability in the "View Log" screen of the Webtools application because 
the content of the html log was not properly encoded.

Mitigation:
10.04.x users should upgrade to 10.04.06
11.04.x users should upgrade to 11.04.03
12.04.01 users should upgrade to 12.04.02

Credit:
This issue was discovered by Grégory Draperi (gregory.drap...@gmail.com).

References:

http://ofbiz.apache.org/download.html#vulnerabilities





[CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz

2013-07-20 Thread Jacopo Cappellato
CVE-2013-2250 - Apache OFBiz Nested expression evaluation allows remote users 
to execute arbitrary UEL functions in OFBiz

Vendor:
The Apache Software Foundation

Versions Affected:
Apache OFBiz 10.04.01 to 10.04.05
Apache OFBiz 11.04.01 to 11.04.02
Apache OFBiz 12.04.01

Description:

Parameter values are not correctly validated and if JUEL metacharacters are 
included they are interpreted.

Mitigation:
10.04.x users should upgrade to 10.04.06
11.04.x users should upgrade to 11.04.03
12.04.01 users should upgrade to 12.04.02

Credit:
This issue was discovered by Grégory Draperi (gregory.drap...@gmail.com).

References:

http://ofbiz.apache.org/download.html#vulnerabilities




[SECURITY] CVE-2016-6800 Apache OFBiz blog stored XSS vulnerability

2016-11-29 Thread Jacopo Cappellato
Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 13.07.*
OFBiz 12.04.*
OFBiz 11.04.*

Description:
The default configuration of the OFBiz framework offers a blog
functionality. Different users are able to operate blogs which are
related to specific parties. In the form field for the creation of new
blog articles the user input of the summary field as well as the article
field is not properly sanitized. It is possible to inject arbitrary
JavaScript code in these form fields. This code gets executed from the
browser of every user who is visiting this article.

Mitigation:
Upgrade to 16.11.01

Credit: Robert Scholz, ERNW GmbH

References:
http://ofbiz.apache.org/download.html#vulnerabilities
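The advisories above share one root cause: text a user controls reaches an HTML page, or a template, without being treated as data. CVE-2019-10074 (a Form Widget textarea with encoding disabled), CVE-2022-25813 (a "Contact us" subject rendered later by a party manager), CVE-2013-2137 (unencoded log content in the "View Log" screen) and CVE-2016-6800 (unsanitized blog summary and article fields) are all instances of it. The Python block below is an added illustration written for this page, not code from OFBiz or from any of the advisories; the sample field values are constructed, and `string.Template` stands in for the Freemarker rendering the advisories describe. It shows the same stored value rendered with encoding disabled and enabled, and the difference between substituting user text into a fixed template and concatenating it into the template source (the SSTI shape).

```python
import html
from string import Template

# Constructed samples of user-controlled text that later lands in an HTML page:
# a blog summary, a line from an application log, and a contact-form subject.
SAMPLES = {
    "blog_summary": "Nice post <script>alert('blog')</script>",
    "log_line": "WARN  login failed for user <img src=x onerror=alert('log')>",
    "subject": "Order question $sender",
}


def render_raw(value: str) -> str:
    """Encoding disabled: the value is spliced into the markup exactly as stored."""
    return f"<p>{value}</p>"


def render_encoded(value: str) -> str:
    """Encoding enabled: characters with HTML meaning are escaped at output time."""
    return f"<p>{html.escape(value, quote=True)}</p>"


def inner_text_has_tag(rendered: str) -> bool:
    """Did a '<' survive inside the <p> wrapper? Escaped text only contains '&lt;'."""
    inner = rendered[len("<p>"):-len("</p>")]
    return "<" in inner


# A fixed page template. User-supplied text must only ever be *substituted* into it.
PAGE = Template("<h1>$title</h1><p>From: $sender</p><p>Subject: $subject</p>")


def render_subject_as_data(subject: str, sender: str = "ops@example.test") -> str:
    """User text is a value substituted into the fixed template; it cannot change the template."""
    return PAGE.substitute(title="Communications",
                           sender=html.escape(sender),
                           subject=html.escape(subject))


def render_subject_in_template(subject: str, sender: str = "ops@example.test") -> str:
    """User text is concatenated into the template *source* before evaluation.

    This is the server-side template injection shape: template syntax inside the
    subject is interpreted with the same privileges as the page's own template.
    Here that only reaches '$sender'; in a real engine it reaches whatever the
    engine can reach.
    """
    page = Template("<h1>$title</h1><p>From: $sender</p><p>Subject: " + subject + "</p>")
    return page.substitute(title="Communications", sender=sender)


def compare() -> dict:
    """Side-by-side results for the constructed samples (run stand-alone to inspect)."""
    return {
        "raw_blog_has_tag": inner_text_has_tag(render_raw(SAMPLES["blog_summary"])),
        "encoded_blog_has_tag": inner_text_has_tag(render_encoded(SAMPLES["blog_summary"])),
        "raw_log_has_tag": inner_text_has_tag(render_raw(SAMPLES["log_line"])),
        "encoded_log_has_tag": inner_text_has_tag(render_encoded(SAMPLES["log_line"])),
        "subject_in_template": render_subject_in_template(SAMPLES["subject"]),
        "subject_as_data": render_subject_as_data(SAMPLES["subject"]),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Two things to take from it. Encoding belongs at output time and is context-specific: `html.escape` is right for element content and quoted attribute values, which is the case here, while a value placed into a URL or a script block needs its own encoder. And encoding does not help against the template case: the subject in `render_subject_in_template` is interpreted before any output encoding could run, so the fix there is structural, user text is passed to the template as a value and never becomes part of its source.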


[CVE-2019-0189] Apache OFBiz remote code execution and arbitrary file delete via Java deserialization

2019-09-11 Thread Jacopo Cappellato
Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 16.11.01 to 16.11.05

Description:
The java.io.ObjectInputStream is known to cause Java serialisation issues.
This issue here is exposed by the "webtools/control/httpService" URL,
and uses Java deserialization to perform code execution.
In the HttpEngine, the value of the request parameter "serviceContext"
is passed to the "deserialize" method of "XmlSerializer".

OFBiz is affected via two different dependencies:
"commons-beanutils" and an outdated version of "commons-fileupload".

Mitigation:
Upgrade to 16.11.06
or manually apply the commits from
OFBIZ-10770 AND OFBIZ-10837 on branch 16


Credit:
Man Yue Mo of the Semmle Security Research Team
ricterzheng(郑杜涛) 

References:
http://ofbiz.apache.org/download.html#vulnerabilities
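Four advisories on this page are deserialization of attacker-supplied bytes: the `ObjectInputStream`/`XmlSerializer` path in CVE-2019-0189 above, the XStream instance in CVE-2018-17200 that was "slightly guarded by disabling the creation of `ProcessBuilder`" and "easily bypassed (and in multiple ways)", and the two RMI cases CVE-2021-26295 and CVE-2021-29200. The block below is an added example written for this page, not OFBiz code, to show why a denylist of dangerous classes is the wrong shape for such a gate and what an allowlist looks like. It uses Python's `pickle`, whose `find_class` hook plays the role an XStream type permission or a Java `ObjectInputFilter` plays on the JVM; the `ServiceContext` class, the two unpickler classes and all three payloads are constructed for the example.

```python
import io
import pickle
import subprocess


class ServiceContext:
    """Constructed stand-in for the one object type an endpoint legitimately accepts."""

    def __init__(self, service_name: str, params: dict):
        self.service_name = service_name
        self.params = params


class DenylistUnpickler(pickle.Unpickler):
    """Denylist gate: refuse one well-known dangerous global, resolve everything else.

    This mirrors the guard the CVE-2018-17200 advisory describes (only
    ProcessBuilder disabled): anything not on the list is still reachable.
    """

    BLOCKED = {("subprocess", "Popen")}

    def find_class(self, module, name):
        if (module, name) in self.BLOCKED:
            raise pickle.UnpicklingError(f"denied global {module}.{name}")
        return super().find_class(module, name)


class AllowlistUnpickler(pickle.Unpickler):
    """Allowlist gate: resolve only the globals the application expects to see."""

    ALLOWED = {(ServiceContext.__module__, ServiceContext.__name__)}

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"global {module}.{name} is not on the allowlist")
        return super().find_class(module, name)


def load_with(unpickler_cls, data: bytes):
    """Deserialize `data` through the given gate and return the result."""
    return unpickler_cls(io.BytesIO(data)).load()


def is_rejected(unpickler_cls, data: bytes) -> bool:
    """True if the gate refuses the payload before any object is built."""
    try:
        load_with(unpickler_cls, data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed payloads. The two hostile ones are bare *references* to a global
# (no call is encoded), which is enough to see which gate resolves them.
PAYLOADS = {
    "legit": pickle.dumps(ServiceContext("ping", {"message": "hi"})),
    "known_bad": pickle.dumps(subprocess.Popen),   # the one class the denylist knows about
    "sibling": pickle.dumps(subprocess.run),       # a neighbour the denylist never listed
}


def gate_report() -> dict:
    """For each gate, which payloads are accepted (True) or refused (False)."""
    return {
        "denylist": {k: not is_rejected(DenylistUnpickler, v) for k, v in PAYLOADS.items()},
        "allowlist": {k: not is_rejected(AllowlistUnpickler, v) for k, v in PAYLOADS.items()},
    }


if __name__ == "__main__":
    for gate, results in gate_report().items():
        print(gate, results)
```

The denylist accepts the legitimate object but also resolves the neighbouring global it was never told about, which is the bypass pattern the XStream advisory reports; the allowlist accepts only the type the endpoint was written for and refuses both hostile references before anything is instantiated. On the JVM the same shape is available natively: since Java 9 `ObjectInputFilter` (installed with `ObjectInputStream.setObjectInputFilter`, or process-wide via the `jdk.serialFilter` property) takes a pattern such as `com.example.model.*;!*` that admits named packages and rejects everything else, and XStream's security framework offers `allowTypes` and `allowTypeHierarchy` after `addPermission(NoTypePermission.NONE)`. Both are allowlists, which is the fix the denylist-based guard above was missing.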


Apache OFBiz 09.04.01 released

2011-01-26 Thread Jacopo Cappellato

The Apache Open For Business Project (Apache OFBiz) releases a new version of 
its software package.

On the 25th of January, 2011 the Apache OFBiz community released a new version 
of its software package: Apache OFBiz 09.04.01. This new version is a bug fix 
release for the 09.04 series and it contains all of the features developed by 
the community up to April 2009, and since then it has been stabilized and 
improved with bug fixes. This release supersedes Apache OFBiz 09.04.

This bug fix release should be used only by users of the Apache OFBiz 09.04 
release; however if you are new to OFBiz or you are interested in getting the 
most recent features then you should get Apache OFBiz 10.04, released a few 
days ago.

Apache OFBiz provides mature eCommerce, ERP, and CRM functionality with a 
general purpose enterprise software framework and a set of base and special 
purpose (process- or role-oriented) applications. While the applications can be 
used as-is, they are meant to be customized to suit the needs of each end-user 
organization.

Apache OFBiz is one of the top open source enterprise software packages in the 
World, with several experienced service providers and live production 
instances. As a non-commercial, community-driven open source project, no single 
company owns and markets the software exclusively. The community-driven nature 
of the project results in software that is designed to be flexible and applies 
to a broad range of real-world business needs, while at the same time freeing 
users from licensing fees and lock-in from both vendors and service providers.

Apache OFBiz releases can be downloaded from 
http://ofbiz.apache.org/download.html.

For more information about Apache OFBiz visit the web site at 
http://ofbiz.apache.org. Please direct press inquiries to the Apache Software 
Foundation PRC at: p...@apache.org.


-
To unsubscribe, e-mail: announce-unsubscr...@apache.org
For additional commands, e-mail: announce-h...@apache.org




Re: Access to proposals (was Re: To extend or not...)

2012-08-06 Thread Mark Struberg
likewise for ApachEE :)

LieGrue,
strub



- Original Message -
> From: Pierre Smits 
> To: apachecon-discuss@apache.org
> Cc: 
> Sent: Monday, August 6, 2012 3:52 PM
> Subject: Re: Access to proposals (was Re: To extend or not...)
> 
> From the OFBiz track perspective we need the same.
> 
> On Mon, Aug 6, 2012 at 3:49 PM, Donald Harbison 
> wrote:
>> 
>> 
>>  From the OpenOffice project perspective, we very much need to understand
>>  who/what has been submitted. With this knowledge, we can more effectively
>>  make direct appeals to worthy members and participants and improve the
>>  overall quality of the track*before* the CFP system closes on August
>>  13.
>> 
>>  In other words, we urgently need this capability.
>> 
>> 
> 
> -- 
> Pierre Smits
> 
> ApacheCon EU 2012 <http://www.apachecon.eu> - Sinsheim, Germany
> Apache OFBiz <http://ofbiz.apache.org>
> 


Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)

2022-09-04 Thread Jacques Le Roux

Hi, I'm sorry, I forgot to mention here the same as for CVE-2022-25370 for
the mitigation.

Obviously there is no patch to apply since we waited [too] long for
https://github.com/eclipse/birt/issues/625
to resolve but eventually decided to release OFBiz 18.12.06 with
the Birt component disabled.

My apologies

Jacques

On 02/09/2022 at 08:34, Jacques Le Roux wrote:

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 18.12.06

Description:
The Birt viewer version 4.5.0 has a security issue that allows this exploit.
We waited long for https://github.com/eclipse/birt/issues/625
to resolve but eventually decided to release OFBiz 18.12.06 without
the Birt component

Mitigation:
Upgrade to at least 18.12.06
or apply patches at https://issues.apache.org/jira/browse/OFBIZ-...

Credit:
npodoty...@ptsecurity.com

References:
http://ofbiz.apache.org/download.html#vulnerabilities



Apache OFBiz 10.04 released

2011-01-24 Thread Jacopo Cappellato

The Apache Open For Business Project (Apache OFBiz) releases a new version of 
its software package.

On the 19th of January, 2011 the Apache OFBiz community released a new version 
of its software package: Apache OFBiz 10.04. This new version contains all of 
the features developed by the community up to April 2010, and since then it has 
been stabilized and improved with bug fixes. The previous release was Apache 
OFBiz 09.04, which was released in April 2010.

Apache OFBiz provides mature eCommerce, ERP, and CRM functionality with a 
general purpose enterprise software framework and a set of base and special 
purpose (process- or role-oriented) applications. While the applications can be 
used as-is, they are meant to be customized to suit the needs of each end-user 
organization.

New functionality and enhancements since the last release (09.04) include:

∙ Enhanced user experience:
∙ New stylesheets and several layout improvements
∙ New online help
∙ Improved support and use of Ajax widgets, notably quicker 
"Ajaxified" layered lookups mixed with auto-completed input fields
∙ Support for portal screens
∙ Basic support for multi-tenant deployment
∙ Improved internationalization and expanded localization support 
(Hindi, Chinese...)
∙ New reporting engine - based on Birt
∙ Added new integrations and enhanced existing ones (Google Checkout, 
Google Base, eBay, Authorize.net, RBS WorldPay Select Junior, Chase Orbital 
payment processors, UPS shipping, iCalendar)
∙ Several new features in accounting - including bank reconciliation 
support, fixed asset depreciation, FIFO/LIFO costing methods and new financial 
reports
∙ Improved support for Value Added Tax (VAT)
In addition to improvements in these areas there have been significant 
improvements in production stability, quality, and security.

Apache OFBiz is one of the top open source enterprise software packages in the 
World, with hundreds of experienced service providers and thousands of live 
production instances. As a non-commercial, community-driven open source 
project, no single company owns and markets the software exclusively. The 
community-driven nature of the project results in software that is designed to 
be flexible and applies to a broad range of real-world business needs, while at 
the same time freeing users from licensing fees and lock-in from both vendors 
and service providers.

Apache OFBiz releases can be downloaded from 
http://ofbiz.apache.org/download.html.

For more information about Apache OFBiz visit the web site at 
http://ofbiz.apache.org. Please direct press inquiries to the Apache Software 
Foundation PRC at: p...@apache.org.







Re: ApacheCon EU and presentation recording

2012-08-06 Thread Pierre Smits
Hi all,

To give you an update regarding the video recording at the ApacheCon EU
2012 event, I contacted the Linux Magazin Online (a subsidiary of Linux New
Media in Germany, who recorded ApacheCon events in the past).
Unfortunately, it seems that Linux New Media changed their business model
as it didn't prove that successful.

As the contact at Linux Magazin Online explained, they have setup a
partnership with another company and he is going to send me contact details
to discuss the opportunity of video recording at the EU event.

However, to keep things going I would like to come in contact with other
parties who could do this at the upcoming event.

Therefore:

Do you per chance have a contact for me to get in touch with to further
this, or know somebody who can help me in the right direction?

With kind,

Pierre Smits

ApacheCon EU 2012 <http://www.apachecon.eu/> - Sinsheim, Germany
Apache OFBiz <http://ofbiz.apache.org/>


Re: Access to proposals (was Re: To extend or not...)

2012-08-07 Thread Pierre Smits
Hi Steve,

Did you add my email address as a reviewer as well?



On Tue, Aug 7, 2012 at 4:51 PM, Steve Holden  wrote:

>
>
> There's no reason why others shouldn't be added as reviewers too. The more
> the merrier, wouldn't you say? So unless there's a reason why the
> shouldn't, I'd encourage the track chairs (whom I will invite momentarily)
> to invite others to become reviewers. People are inhibited from reviewing
> their own submissions.
>
> If you want to be a reviewer (tell your friends!) you just have to ask.
> Give me the email address you are registered with at apachecon.eu and I
> will invite you. Once invited you are free to invite other reviewers whose
> opinions will help shape the conference.
>
> regards
>  Steve
> --
> Steve Holden st...@holdenweb.com,  Holden Web, LLC http://holdenweb.com/
> Python classes (and much more) through the web http://oreillyschool.com/
> Conferences and technical event management at http://theopenbastion.com/
> Next:   DjangoCon US Sep 6-8, Washington DC http://djangocon.us/
>
>
>
>


-- 
Pierre Smits

ApacheCon EU 2012 <http://www.apachecon.eu> - Sinsheim, Germany
Apache OFBiz <http://ofbiz.apache.org>


Re: ApacheCon EU 2012 event and TAC-Apply Questionnaire

2012-08-05 Thread Pierre Smits
Hi Nick,

Did you get any feedback from TAC regarding below?

Regards,

Pierre

On Fri, Aug 3, 2012 at 1:03 AM, Pierre Smits  wrote:

> Hi all,
>
> Reading the application questionnaire for the ApacheCon EU 2012 event I
> found some inconsistencies and/or unclear wordings in questions and the
> associated explanations. I advise you to have a look at it.
>
> Q01 - Which country will you be travelling to ApacheCon from?
> If you wish to attend an ApacheCon outside of your region (eg ApacheCon US
> from Europe), please also outline why you should attend this event, instead
> of a more local one.
>
> Better would be:
> Q01 - From which country will you be traveling to the ApacheCon event?
> If you wish to attend the ApacheCon event outside your region (Europe vs
> ApacheCon NA or ApacheCon APAC, North America vs ApacheCon EU or ApacheCon
> APAC, Asia vs ApacheCon EU or ApacheCon NA), please outline why you should
> attend this event outside your region, instead of attending a more local
> event.
>
> Better would be:
> Q02 - How many days are you intending to attend the event, and which
> sessions do you intend to visit?
> Full details of the schedule of sessions may be found at
> http://www.apachecon.eu
>
> Remark: this description might be a bit hard to swallow (and subsequently
> difficult to answer this question), as the schedule of the event is
> presented to the public later than the application for travel assistance
> regarding this event closes.
>
> Q07 and Q14 basically ask the same question.
> Q07 - Which Apache projects are you involved in at the moment?
> Please outline your involvement briefly (e.g. answer user queries on the
> mailing lists, have submitted bugs/patches, work on integration with
> Project Foo).
> Q14 - Are you currently involved in Apache project(s)?
> If you are currently involved in an Apache project, are you willing to
> have the TAC approach the PMC of that project for more information? If so,
> please mention which project you are involved in here.
> If you are currently a student, and can provide a letter of recommendation
> from a faculty member, please include that. Please make sure that it
> includes the name of the institution, and contact details for the faculty
> member.
>
> Q15 - Any additional information you'd like to supply?
>
> Remark: this question should be the last question before Q19 - To confirm
> you application, please sign your name here.
>
> Q19 - To confirm you application, please sign your name here.
>
> Better is:
> Q19 - To confirm you application, please state your name here.
>
> I also believe that questions should be grouped together. The first
> grouping could be the questions related to the event (including Q16), the
> second grouping regarding the income, insurance, passport,etc, and the last
> grouping could be about the projects involved and the rest (Q15, Q19).
>
> Of course, my native language is not English (any variety) and this is just
> an opinion.
>
> Regards,
>
>
> Pierre Smits
>
> ApacheCon EU 2012 <http://www.apachecon.eu> - Sinsheim, Germany
> Apache OFBiz <http://ofbiz.apache.org>
>
>


-- 
Pierre Smits

ApacheCon EU 2012 <http://www.apachecon.eu> - Sinsheim, Germany
Apache OFBiz <http://ofbiz.apache.org>


Re: Help with "apache: Big data" and "apacheCon: Core"

2015-05-28 Thread Sharan Foga

Hi

We'd like to put together a full track for OFBiz and this will probably 
be only for Apachecon Core.


Thanks
Sharan


 Forwarded Message 
Subject:Help with "apache: Big data" and "apacheCon: Core"
Date:   Thu, 28 May 2015 20:58:44 +0200
From:   jan i 
Reply-To:   priv...@ofbiz.apache.org
To: apachecon-discuss@apache.org



Dear PMC.

We have just announced the call for Papers for "apache Big data" and
"apacheCon: Core".

If your project would like a track (1 day == 6 presentations) or a half track
(3 presentations), please contact me. Building a track (or half track) is a good
way of securing (without guarantee) that your project is represented in the
events. PMCs that suggest tracks (half tracks) for "apacheCon: Core" will
decide the content, with only an outside oversight.

We hope you will take the opportunity and build an awesome track representing
your projects. We are of course also open if a group of projects builds a track
together.

We hope to be able to make some cross project presentations/panels. An
example is "the future of web and web applications", many people ask if
e.g. httpd and tomcat will play a major role in the future of internet. We hope
some (especially the more mature projects) will grab the idea, and come
with suggestions.

Especially "apacheCon: Core" is open for innovation.

Looking forward to helping build super events with YOUR assistance.

on behalf of the apacheCon team and LF
jan I.





The Apache News Round-up: week ending 2 December 2016

2016-12-02 Thread Sally Khudairi
 ... this announcement is available online at https://s.apache.org/jNu5 


Welcome, December! We've wrapped up another great week with the following 
activities:

ASF Board – management and oversight of the business and affairs of the 
corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 December 2016. Board calendar and minutes available 
at http://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on four continents keeps the ASF's 
infrastructure running around the clock.
 - 7M+ weekly checks yield performance once again at the "three nines" at 
99.90% uptime http://status.apache.org/

ApacheCon™ – the official conference series of The Apache Software Foundation.
 - CFP OPEN: Apache: Big Data and ApacheCon North America 16-18 May 2017/Miami 
http://apachecon.com/
 - Session slides + photos available at http://bit.ly/2gTgdYK; recordings are 
being processed and posted at Feathercast http://feathercast.org

Apache Community Development – helps those new to the ASF and Apache Projects 
take their first steps towards being a part of the Apache community.
 - REMINDER TO ASF COMMITTERS: please complete the Apache Community Development 
Diversity Survey (check your @apache.org email)

Apache Drill™ – a distributed MPP query layer that supports SQL and alternative 
query languages against NoSQL and Hadoop data storage systems. It was inspired 
in part by Google's Dremel.
 - Apache Drill 1.9.0 released https://drill.apache.org/download/

Apache Kylin™ – an Open Source Distributed Analytics Engine designed to provide 
SQL interface and multi-dimensional analysis (OLAP) on Apache Hadoop, 
supporting extremely large datasets.
 - Apache Kylin 1.6.0 released 
https://www.apache.org/dyn/closer.cgi?path=/kylin/apache-kylin-1.6.0/

Apache OFBiz™ – an Open Source product for the automation of enterprise 
processes that includes framework components and business applications.
 - Apache OFBiz 16.11.01 released http://ofbiz.apache.org/download.html
 - CVE-2016-4462 OFBiz template remote code vulnerability and CVE-2016-6800 
Apache OFBiz blog stored XSS vulnerability 
http://ofbiz.apache.org/download.html#vulnerabilities

Apache Subversion™ – exists to be universally recognized and adopted as an Open 
Source, centralized version control system characterized by its reliability as 
a safe haven for valuable data; the simplicity of its model and usage; and its 
ability to support the needs of a wide variety of users and projects, from 
individuals to large-scale enterprise operations.
 - Apache Subversion 1.8.17 released 
http://subversion.apache.org/download/#supported-releases
 - Apache Subversion 1.9.5 released 
http://subversion.apache.org/download/#recommended-release


Did You Know?


 - Did you know we recommend those running an event based on an Apache project 
to review the Event Branding Overview? 
http://www.apache.org/foundation/marks/events

 - Did you know that the Japan National Police Agency uses Apache Wicket for 
its opinion box? http://wicket.apache.org/

 - Did you know that the Apache Project Maturity Model defines a structure for 
evaluating ASF projects (communities + technology), and has served as an 
example for other communities as well? 
http://community.apache.org/apache-way/apache-project-maturity-model.html


Apache Community Notices:

 - The list of Apache project-related MeetUps can be found at 
http://apache.org/events/meetups.html

 - Find out how you can participate with Apache community/projects/activities 
--opportunities open with Apache HTTP Server, Avro, ComDev (community 
development), Directory, Incubator, OODT, POI, Syncope, Tika, Trafodion, Zest, 
and more! https://helpwanted.apache.org/

 - ApacheCon North America and Apache:BigData will be held 16-18 May 2017 in 
Miami  http://apachecon.com/

 - The ASF Q1 FY2017 Report is available at https://s.apache.org/1BsV

 - Are your software solutions Powered by Apache? Download & use our "Powered 
By" logos http://www.apache.org/foundation/press/kit/#poweredby

 - Show your support for Apache with ASF-approved swag from
http://www.zazzle.com/featherwear and http://s.apache.org/landsend -- all 
proceeds benefit the ASF! 

= = =

For real-time updates, sign up for Apache-related news by sending mail to 
announce-subscr...@apache.org and follow @TheASF on Twitter. For a broader 
spectrum from the Apache community, https://twitter.com/PlanetApache provides 
an aggregate of Project activities as well as the personal blogs and tweets of 
select ASF Committers.

# # #
 
NOTE: you are receiving this message because you are subscribed to the 
announce@apache.org distribution list. To unsubscribe, send email from the 
recipient account to announce-unsubscr...@apache.org with the word 
"Unsubscribe" in the subject line. 


Re: Help with "apache: Big data" and "apacheCon: Core"

2015-05-28 Thread jan i
On 29 May 2015 at 08:43, Sharan Foga  wrote:

> Hi
>
> We'd like to put together a full track for OFBiz and this will probably be
> only for Apachecon Core.
>
Thanks for that. I agree OFBiz belongs in Apachecon Core. Please use that
CFP, and let me know the
presentations.

I will update the wiki page if you do not beat me to it.

rgds
jan i


>
> Thanks
> Sharan
>
>
>
>  Forwarded Message 
> Subject:Help with "apache: Big data" and "apacheCon: Core"
> Date:   Thu, 28 May 2015 20:58:44 +0200
> From:   jan i 
> Reply-To:   priv...@ofbiz.apache.org
> To: apachecon-discuss@apache.org
>
>
>
> Dear PMC.
>
> We have just announced the call for Papers for "apache Big data" and
> "apacheCon: Core".
>
> If your project would like a track (1 day == 6 presentations) or a half
> track
> (3 presentations), please contact me. Building a track (or half track) is a
> good
> way of securing (without guarantee) that your project is represented in the
> events. PMCs that suggest tracks (half tracks) for "apacheCon: Core" will
> decide the content, with only an outside oversight.
>
> We hope you will take the opportunity and build an awesome track
> representing
> your projects. We are of course also open if a group of projects builds a
> track
> together.
>
> We hope to be able to make some cross project presentations/panels. An
> example is "the future of web and web applications", many people ask if
> e.g. httpd and tomcat will play a major role in the future of internet. We
> hope
> some (especially the more mature projects) will grab the idea, and come
> with suggestions.
>
> Especially "apacheCon: Core" is open for innovation.
>
> Looking forward to help build super events with YOUR assistance.
>
> on  behalf of the apacheCon team and LF
> jan I.
>
>
>
>

