Re: [jira] [Commented] (OFBIZ-11948) Remote Code Execution (File Upload) Vulnerability

2022-02-04 Thread Jacques Le Roux
We crossed on wire Michael :) On 04/02/2022 at 14:34, Michael Brohl wrote: The scrum component contains a Python script which is used together with git hooks. So Jacques's statement was entirely accurate. Michael On 04.02.22 at 14:15, Pierre Smits wrote: Hi Jacques, in a posting above,

Re: [jira] [Commented] (OFBIZ-11948) Remote Code Execution (File Upload) Vulnerability

2022-02-04 Thread Jacques Le Roux
Ah OK, then this sentence was inappropriate, nothing more. Actually the idea, from a security POV, is to add "security.properties::deniedWebShellTokens to neutralise non encoded PHP webshells. Mmm, I just checked. It's about python: https://github.com/apache/ofbiz-plugins/tree/trunk/scrum/data/h

Re: [jira] [Commented] (OFBIZ-11948) Remote Code Execution (File Upload) Vulnerability

2022-02-04 Thread Michael Brohl
The scrum component contains a Python script which is used together with git hooks. So Jacques's statement was entirely accurate. Michael On 04.02.22 at 14:15, Pierre Smits wrote: Hi Jacques, in a posting above, you stated: * Adds "https://ofbiz.apache.org/> since 2008 (without privileges)

Fwd: [GitHub] [ofbiz-framework] mbrohl commented on pull request #498: Improved: WorkEffort - MainActionMenu (OFBIZ-12557)

2022-02-04 Thread Jacques Le Roux
Pierre, I did not receive your message in dev ML, certainly due to my too many Thunderbird filters or maybe something else, strange things happen with mails sometimes. So it's here forwarded expurgated from exchanges in members private ML with last line slightly modified. HTH Messag

Re: [jira] [Commented] (OFBIZ-11948) Remote Code Execution (File Upload) Vulnerability

2022-02-04 Thread Pierre Smits
Hi Jacques, in a posting above, you stated: * Adds "https://ofbiz.apache.org/> since 2008 (without privileges) Proud contributor to the ASF since 2006 *Apache Directory , PMC Member* Anyone could have been you, whereas I've always been anyone. On Fri, Feb 4, 2022

Re: [jira] [Commented] (OFBIZ-11948) Remote Code Execution (File Upload) Vulnerability

2022-02-04 Thread Jacques Le Roux
Hi Pierre, How is your question related? On 04/02/2022 at 12:53, Pierre Smits wrote: Hi Jacques, Wasn't there PHP code in the scrum application/component to work with a git repository? Or was that Python? On Fri, 4 Feb 2022 at 12:32, ASF subversion and git services (Jira) < j...@apach

Re: [jira] [Commented] (OFBIZ-11948) Remote Code Execution (File Upload) Vulnerability

2022-02-04 Thread Pierre Smits
Hi Jacques, Wasn't there PHP code in the scrum application/component to work with a git repository? Or was that Python? On Fri, 4 Feb 2022 at 12:32, ASF subversion and git services (Jira) < j...@apache.org> wrote: > > [ > https://issues.apache.org/jira/browse/OFBIZ-11948?page=com.atlassian.j