I am currently working with Apache OFBiz version 18.12.06 and facing an issue related to the CVE-2020-1938 vulnerability while attempting to upload an image for vulnerability scanning. And trying to update the Tomcat latest version in the Apache OfBiz configuration file. Could you please provide guidance regarding the location of the Tomcat configuration files within the Apache OFBiz application that need to be updated for this purpose? Additionally, any insights or steps on how to proceed with updating the Tomcat version would be greatly appreciated.
---- On Wed, 04 Oct 2023 12:18:39 +0530 Nithin P <nithi...@yobitel.com> wrote --- Hi, I hope this message finds you in good health and high spirits. I am currently working with Apache OFBiz version 18.12.06 and facing an issue related to the CVE-2020-1938 vulnerability while attempting to upload an image for vulnerability scanning. In an effort to mitigate this vulnerability, I am keen on updating the Tomcat version within the Apache OFBiz application. Could you please provide guidance regarding the location of the Tomcat configuration files within the Apache OFBiz application that need to be updated for this purpose? Additionally, any insights or steps on how to proceed with updating the Tomcat version would be greatly appreciated. Additionally, I am looking to implement a feature that auto-generates a password every time instead of using the default password for administrator login. In pursuit of this, I have been delving into the source code of Apache OFBiz to identify the configuration file associated with the admin password. Could you kindly provide assistance in identifying the location of the admin password configuration files within the Apache OFBiz application? I am grateful for your kind assistance and guidance. Best regards, Nithin P This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. You cannot use or forward any attachments in the email. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Finally, the opinions disclosed by the sender do not have to reflect those of the company, therefore the company refuses to take any liability for the damage caused by the content of this email. Yobitel Communications Limited, #11, Kingsley Mews, Ley Street, Ilford, London - IG1 4BT, United Kingdom. http://www.company.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. You cannot use or forward any attachments in the email. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Finally, the opinions disclosed by the sender do not have to reflect those of the company, therefore the company refuses to take any liability for the damage caused by the content of this email. Yobitel Communications Limited, #11, Kingsley Mews, Ley Street, Ilford, London - IG1 4BT, United Kingdom. www.yobitel.com
