The Apache OFBiz Project Team would like to inform you that OFBiz 17.12.09
is the last release of the 17.12 branch, which has reached its end of life and
won't be longer officially supported.
https://ofbiz.apache.org/release-notes-17.12.09.html
This announcement takes place on 2022-01-21 and
Hi,
I see no reasons why this message did not pass, is there one?
TIA
Jacques
Message transféré
Sujet : Returned post for annou...@apache.org
Date : 20 Jan 2022 14:49:21 -
De :announce-h...@apache.org
Pour : jler...@apache.org
Hi! This is the ezmlm
The Apache OFBiz Project Team would like to inform you that OFBiz 17.12.09
is the last release of the 17.12 branch, which has reached its end of life and
won’t be longer officially supported.
https://ofbiz.apache.org/release-notes-17.12.09.html
This announcement takes place on 2022-01-15 and
:)
Jacques
Le 29/12/2021 à 09:05, jler...@apache.org a écrit :
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk
There are issues with OfbizControlServlet, I'll work on it soon... or will
revert...
Jacques
Le 05/12/2021 à 13:48, jler...@apache.org a écrit :
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org
Did not work either, asked at
https://github.com/github/codeql-action/issues/462#issuecomment-968304521
Le 14/11/2021 à 15:39, jler...@apache.org a écrit :
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https
Severity:
High, possible RCE
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 17.12.08
Description:
Apache OFBiz has unsafe deserialization prior to 17.12.08 version
Mitigation:
Upgrade to at least 17.12.08
or apply patches at
But I believe we should rather discuss with checkstyle team if a report is not
appropriate.
What do you think?
Thanks
Jacques
Le 04/05/2021 à 10:36, jler...@apache.org a écrit :
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
Severity:
High, possible RCE
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 17.12.07
Description:
Apache OFBiz has unsafe deserialization prior to 17.12.07 version
Mitigation:
Upgrade to at least 17.12.07
or apply patches at
Severity:
High, possible RCE
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 17.12.07
Description:
Apache OFBiz has unsafe deserialization prior to 17.12.07 version
An unauthenticated user can perform a RCE attack
Mitigation:
Upgrade to at least 17.12.07
or
Hi,
I think we should at least discuss the 2 points below before releasing 17.12.07
Thanks
Jacques
Le 10/04/2021 à 14:10, jler...@apache.org a écrit :
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12
in repository https
Severity:
High
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 17.12.06
Description:
Apache OFBiz has unsafe deserialization prior to 17.12.06.
An unauthenticated attacker can use this vulnerability to successfully take
over Apache OFBiz.
Mitigation:
Upgrade
g the same error on R17.
The error is the one reported in:
https://issues.apache.org/jira/browse/OFBIZ-9444
In fact disabling the "solr" component resolves the issue.
Jacopo
On Sun, Jan 3, 2021 at 9:22 AM jler...@apache.org <
jler...@apache.org
wrote:
Hi Deepak, All,
The sa
Hi Deepak, All,
The same error (not failure) exists in both R17 and R18. I reproduce locally
with R18. It seems related to OFBIZ-9442 and OFBIZ-9444
Reverting the change allows
gradlew "ofbiz --test component=solr --test suitename=solrtests"
to pass
I believe this is a blocker for the
Le 21/12/2020 à 14:57, Michael Brohl a écrit :
It seems a bit outdated to read that r18 is released in 2021...
Sincerely I think we need to release R18, even at the end of 2020. Waiting one
year more is too long...
Jacques
Thanks Jacopo,
Looking forward and ready to help
Cheers
Jacques
PS: sent 5h ago but b.barracudacentral.org has a dent against me (hard to
change that)
Le 21/12/2020 à 10:21, Jacopo Cappellato a écrit :
Hi Jacques,
It sounds like a good plan to me and I can prepare the artifacts as soon as
FYI: I created https://issues.apache.org/jira/browse/INFRA-21209 for that
Le 18/12/2020 à 17:42, jler...@apache.org a écrit :
Fixed, the trunk demo is accessible again
Sorry for the quirk
Le 18/12/2020 à 16:18, Jacques Le Roux a écrit :
OK, it's a Shiro version issue, checking
Fixed, the trunk demo is accessible again
Sorry for the quirk
Le 18/12/2020 à 16:18, Jacques Le Roux a écrit :
OK, it's a Shiro version issue, checking that
Exception in thread "main" org.apache.shiro.crypto.CryptoException: Unable to
execute 'doFinal' with cipher instance
Hi,
As you may know we have a .asf.yaml file and there are new features:
https://blogs.apache.org/infra/entry/even-more-github-features-added
It's well explained at:
https://github.com/apache/infrastructure-puppet/pull/1678
I had a look, maybe?
<>
Not sure it's needed, I think the
Thanks Michael,
I just needed batik:batik-svg-dom:1.6-1 so simply replaced
org.apache.xmlgraphics:batik:1.13
Cheers
Jacques
Hi,
We can add a global version heading using the Gradle title Javadoc option:
https://docs.gradle.org/current/dsl/org.gradle.api.tasks.javadoc.Javadoc.html
I'll create a Jira for that
Jacques
Le 12/08/2020 à 08:59, jler...@apache.org a écrit :
This is an automated email from the ASF dual
BTW we have this report:
https://github.com/apache/ofbiz-site/network/alerts
I did not check details, maybe we need to update Bootstrap?
Jacques
Le 11/08/2020 à 13:53, jler...@apache.org a écrit :
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit
lso create a Jira to check AsciiDoc errors I found while running and an
initial not committed version of generateReadmeFiles
Jacques
Le 11/07/2020 à 09:58, jler...@apache.org a écrit :
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18
Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz 17.12.01
Description:
Apache OFBiz is vulnerable to CSRF attacks
Mitigation:
Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470
Credit:
Initially known by the OFBiz security team
I have finally decided to backport this (low) security issue.
It's easy to do so, better to be safe than sorry.
Jacques
Le 20/03/2020 à 10:51, jler...@apache.org a écrit :
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
Sometimes things get complicated when cherry-pick fails and you forget
something. Here I forgot the commit comment.
I prefer to let it like that, it's too late to amend :/
It was for OFBIZ-11407
Le 25/02/2020 à 15:57, jler...@apache.org a écrit :
This is an automated email from the ASF dual
Not sure how and why this happened and what it's for...
Do we need to document that?
Le 12/02/2020 à 12:11, jler...@apache.org a écrit :
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a change to branch pr/13
in repository https://gitbox.apache.org/repos
Le 28/01/2020 à 18:36, jler...@apache.org a écrit :
commit c672c3a30453039b8b724ff8d604b244a4dde19f
[...]
PR created: #8
Thanks: Daniel WatfordNina Simone - My Baby Just Cares For Me.mp3
Maybe some noticed, of course "Nina Simone" as nothing to do w/ that.
Just a
mit-to-the-remote-git-repository
[2]
https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;a=commit;h=6d194cf8c363435e212282e31f575ca93f14d72d
Le 28/01/2020 à 15:58, jler...@apache.org a écrit :
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a change to branc
+1
This is currently also used by the demos because "ofbiz --shutdown" does not
work with multiple instances
https://svn.apache.org/repos/asf/ofbiz/tools/demo-backup/trunk.sh
Of course resolving "ofbiz --shutdown" issue would be better. But I guess few
people use multiple instances in
This is also related: https://issues.apache.org/jira/browse/OFBIZ-7532
Jacques
Le 16/12/2018 à 12:47, Jacques Le Roux a écrit :
Yes it is somehow related, but not the same.
Jacques
Le 16/12/2018 à 11:25, Pierre Smits a écrit :
Hey Jacques,
Is this, in a way, connected (or relevant to)
Thanks all,
It seems nobody is against backporting, so I'll continue with OFBIZ-10651 and
OFBIZ-10652
I already generate the documentation from the trunk under https://ci.apache.org/projects/ofbiz/site/. I'll swap to R17 after backporting necessary,
as the documentation should preferably be
Hi,
While working on OFBIZ-10635 I noticed this block of code in
LoginEvents::storeLogin
if ("Y".equals(request.getParameter("rememberMe"))) {
setUsername(request, response);
}
It was added by Andrew long ago: https://markmail.org/message/dmqqxse65inh6amr
But
Hi Rishi,
Inline...
Le 22/09/2018 à 12:34, Rishi Solanki a écrit :
Jacques,
Thanks for more insights.
IMO, we should rename the files as you suggested and also add some
description in the file so that we won't confuse by this in future. And
also we should keep the duplicate data as well,
Good catch Deepak,
A Jira fits
Jacques
Le 08/10/2018 à 07:02, Deepak Nigam a écrit :
Hello All,
While rendering the view through the controller request we set the
important security headers like x-frame-options, strict-transport-security,
x-content-type-options, X-XSS-Protection and
They are put in in RequesHandler. There is a "Security header" block
Jacques
Le 08/10/2018 à 09:17, Taher Alkhateeb a écrit :
Hi Deepak,
Sounds good. Are these headers applied everywhere except CMS? If no then
why not apply them everywhere?
On Mon, Oct 8, 2018, 9:03 AM Deepak Nigam
wrote:
Please feel free if you see a better way
Jacques
Le 05/10/2018 à 16:25, Taher Alkhateeb a écrit :
This workaround looks ugly, can't we relocate this URL?
On Fri, Oct 5, 2018 at 5:22 PM wrote:
Author: jleroux
Date: Fri Oct 5 14:22:15 2018
New Revision: 1842921
URL:
Le 07/01/2018 à 11:43, Jacques Le Roux a écrit :
My answer to your question is: we should keep them of course, except if a
better way would be proposed, I see none for now...
I must have said: I see none PROVIDED for now...
We could consider a modular solution which would include split parts
Hi,
While working on OFBIZ-8154 I noticed that the labels beginning by
"HumanResServices." are never used.
So, it's a pity, but I think they should be removed. Actually my question is
more if we agree about removing all unused labels, not only those ones.
Thanks
Also forgot to report that Ant has lib\optional folder with 3 not documented
jars there.
So as long as it's optional you don't need to reference it in the LICENSE file.
We use OPTIONAL_LIBRARIES for that as a convenience to users.
Jacques
Le 24/08/2016 à 15:04, Jacques Le Roux a écrit :
OK, I
Congrats for your work at r1756949 Gil and Nicolas!
At r1756984 I have removed the base/lib and its reference in base
ofbiz-component.xml
So we have no longer any jars but
- cmssite component
- ebaystore component
- the tools directory
IMO we can delete the cmssite component jars they are
Hi,
Not so long ago Jacopo suggested that we use our versionning system (ie currently Subversion) to maintain the documentation. Or at least the most
important or entry points of the documentation which will still stay on our wiki (ie Confluence)
I think that by creating MarkDown files (or
19, 2016 at 11:10 PM, jler...@apache.org <jler...@apache.org>
wrote:
Taher
Actually I though more about it, we really need something like that.
Actually we need to help our users when they are in a situation like I
crossed once and reported here http://markmail.org/message/li
vdricudqdj6
nformation for those with special
deployment needs.
Regards,
Taher Alkhateeb
On Fri, Aug 19, 2016 at 11:10 PM, jler...@apache.org <jler...@apache.org>
wrote:
Taher
Actually I though more about it, we really need something like that.
Actually we need to help our users when they are in a sit
Taher
Actually I though more about it, we really need something like that.
Actually we need to help our users when they are in a situation like I crossed
once and reported here http://markmail.org/message/livdricudqdj6tmi :
"Also, as Pierre outlined, there are situations were you can't use
At 99.99% you have no chances that an image get through ANY ASF ML. If you need to share you must find another way, easiest are Jira (if you need to
create an issue anyway), then Nabble, else a lot of other options ;)
Jacques
Le 15/06/2016 à 15:59, Arvind singh tomar a écrit :
Hi Mridul
I
==
CVE-2016-2170: Apache OFBiz information disclosure vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache OFBiz 13.07.02 and 13.07.01
Apache OFBiz 12.04.05 and earlier releases in the series (12.04.*)
The
...@gmx.org, Paul King
pa...@asert.com.au
Copie à : amania...@apache.org, r...@apache.org, ebo...@apache.org,
jler...@apache.org
Hi everyone!
On behalf of the Groovy team, I am pleased to announce that we are going to submit a proposal to join the ASF. Thank you very much for the time
Thanks Daniel, Jacopo!
Good news for both projects
Jacques
Le 13/10/2014 10:03, Jacopo Cappellato a écrit :
Congratulations Daniel, to you and to the Freemarker community!
A few minutes ago I have upgraded the OFBiz trunk and the OFBiz 13.07 release
branch to the new release.
Kind regards,
49 matches
Mail list logo