Severity: critical
Affected versions:
- Apache OFBiz before 18.12.11
Description:
The vulnerability allows attackers to bypass authentication to achieve a simple
Server-Side Request Forgery (SSRF).
This issue is being tracked as OFBIZ-12873.
Credit:
Hasib Vhora, Senior Threat Researcher, Son
Severity: important
Affected versions:
- Apache OFBiz through 18.12.10
Description:
Arbitrary file properties reading vulnerability in Apache Software Foundation
Apache OFBiz when a user operates a URI call without authorizations.
The same URI can be operated to realize an SSRF attack also wit
Hi,
Though I believe we should get rid of the Gradle pullPluginSource and pullAllPluginsSource tasks, this morning I tried to implement them using the OS
scripts for pullPluginSource and pullAllPluginsSource w/o success.
If someone is interested I can put the diff at OFBIZ-12868
Just let me
Hi Eugen,
Inline...
On 24/12/2023 at 12:05, Jacques Le Roux wrote:
Hi Eugen,
This said I was reading
https://cwiki.apache.org/confluence/display/OFBIZ/Release+Management+Guide+for+OFBiz
and stumbled upon
https://github.com/apache/ofbiz-tools/blob/master/demo-backup/README.md
Obviously som
Thanks Daniel!
Jacques
On 26/12/2023 at 08:17, Daniel Watford wrote:
Hi Jacques,
Dropping the pullAllPluginsSource gradle task will have the benefit of
simplifying the building of docker images. Please see the comment on the
topic here:
https://github.com/apache/ofbiz-framework/blob/0530a58d