[jira] [Created] (OFBIZ-12594) Prevent Freemarker interpolation in fields

Jacques Le Roux (Jira) Sun, 03 Apr 2022 23:03:05 -0700

Jacques Le Roux created OFBIZ-12594:
---------------------------------------


             Summary: Prevent Freemarker interpolation in fields
                 Key: OFBIZ-12594
                 URL: https://issues.apache.org/jira/browse/OFBIZ-12594
             Project: OFBiz
          Issue Type: Improvement
          Components: ALL APPLICATIONS, ALL PLUGINS
    Affects Versions: 18.12.06, 22.01.01
            Reporter: Jacques Le Roux
            Assignee: Jacques Le Roux


OFBIZ-12587 is a definitive solution to prevent any kind of Freemarker 
exploits. But it's hard to realise because OFBiz exposes objects, like 
attributes from the Servlet scopes. So in the meantime preventing Freemarker 
interpolation in fields is a pragmatic solution.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (OFBIZ-12594) Prevent Freemarker interpolation in fields

Reply via email to