This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a change to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git.
from 1b907b0 Fixed: CVE-2021-37608 vulnerability bypass (OFBIZ-12307)
new 7e00617 Fixed: Found a new XXE (XML External Entity Injection)
vulnerability in ArtifactInfo (OFBIZ-12306)
new a28316b Fixed: Found a new XXE (XML External Entity Injection)
vulnerability in EntityImport (OFBIZ-12304)
new 123f30e Fixed: Found a new XXE (XML External Entity Injection)
vulnerability in EntityImport (OFBIZ-12304)
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../java/org/apache/ofbiz/base/util/UtilURL.java | 2 +-
.../org/apache/ofbiz/base/util/UtilValidate.java | 30 ++++++++++++++++++++--
.../groovyScripts/artifactinfo/ArtifactInfo.groovy | 10 +++++---
.../apache/ofbiz/webtools/WebToolsServices.java | 5 ++++
4 files changed, 41 insertions(+), 6 deletions(-)
