Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability
Hi Douglas, Your message has been moderated, else it would not have reached this Mailing List. Please subscribe to the user ML for such questions and then use your email client. See why here http://ofbiz.apache.org/mailing-lists.html. You will get a better support, people can answer you on the ML. The wider the audience the better the answers you might get. Also it's more work for moderators who have to accept your messages as long as you have not subscribed. I'll personally no longer accept them (other moderators still could). Thanks This said, only the Solr plugin is concerned, no need to update the rest HTH Jacques Le 11/04/2023 à 07:49, Douglas Melo a écrit : Hello Jacques!! I have a question, is it necessary to update the entire project or just the Solr plugin? On 2023/04/10 09:21:12 Jacques Le Roux wrote: > Severity: important > > Description: > > Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz.This issue affects Apache OFBiz: before 18.12.07. > > Required Configurations: > > Using the Solr plugin > > Solution: > > Upgrade to release 18.12.07 > > Credit: > > Skay (finder) > > References: > > https://lists.apache.org/list.html?annou...@apache.org > https://ofbiz.apache.org/download.html > https://ofbiz.apache.org/security.html > https://ofbiz.apache.org/ > https://www.cve.org/CVERecord?id=CVE-2022-47501 > >
RE: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability
Hello Jacques!! I have a question, is it necessary to update the entire project or just the Solr plugin? On 2023/04/10 09:21:12 Jacques Le Roux wrote: > Severity: important > > Description: > > Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz.This issue affects Apache OFBiz: before 18.12.07. > > Required Configurations: > > Using the Solr plugin > > Solution: > > Upgrade to release 18.12.07 > > Credit: > > Skay (finder) > > References: > > https://lists.apache.org/list.html?annou...@apache.org > https://ofbiz.apache.org/download.html > https://ofbiz.apache.org/security.html > https://ofbiz.apache.org/ > https://www.cve.org/CVERecord?id=CVE-2022-47501 > >
CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability
Severity: important Description: Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz.This issue affects Apache OFBiz: before 18.12.07. Required Configurations: Using the Solr plugin Solution: Upgrade to release 18.12.07 Credit: Skay (finder) References: https://lists.apache.org/list.html?annou...@apache.org https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html https://ofbiz.apache.org/ https://www.cve.org/CVERecord?id=CVE-2022-47501