CVE-2023-51467: Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability

2023-12-26 Thread Deepak Dixit
Severity: critical
Affected versions: - Apache OFBiz before 18.12.11
Description: The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). This issue is being tracked as OFBIZ-12873.
Credit: Hasib Vhora, Senior Threat Researcher, Son

CVE-2023-50968: Apache OFBiz: Arbitrary file properties reading and SSRF attack

2023-12-26 Thread Nicolas Malin
Severity: important
Affected versions: - Apache OFBiz through 18.12.10
Description: Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates a uri call without authorizations. The same uri can be operated to realize a SSRF attack also wit

Re: upgrade ofbiz version

2023-12-26 Thread Jacques Le Roux
Hi Vikas,

Mostly https://cwiki.apache.org/confluence/display/OFBIZ/Revisions+Requiring+Data+Migration+-+upgrade+ofbiz for data changes. The rest depends on how you have handled your own changes in OFBiz OOTB (Out Of The Box) code. As you may know, plugins are the recommended way. If you made ch

upgrade ofbiz version

2023-12-26 Thread Vikas Jaiswal
Hi,

I am new to ofbiz. Can someone please point to the resources that would be helpful in migrating ofbiz app from 12.X to 18.X.

Thanks,
Vikas

Sent from Mail for Windows