Hello,
I have opened OFBIZ-11263 [1] to upgrade Groovy to its latest stable
release on ‘trunk’.
I did not detect any issue with the upgrade so I intend to commit the
patch in the following days. If you are aware of an issue please jump
in.
Thanks.
[1]
Hi Samuel, Mathieu,
On 21/10/2019 at 09:43, Samuel wrote:
If I'm correct, this is related to an XSS attack [1], but this kind of attack is not limited to URL parameters. An attacker can do the same thing with a
POST request (I mean a parameter in the body instead of the URL).
You are right, they just are
Hi Jakob,
Nice! I'm going to definitely play with it, just a few questions:
* Which OFBiz version did you use?
* Where are the standard ControlFilter, ContextFilter and ControlServlet
configured? I expected to see them in web.xml
* Are the standard OFBiz URL mappings (e.g. /control/*) preserved?