Severity: critical
Affected versions:
- Apache OFBiz before 18.12.12
Description:
Possible path traversal in Apache OFBiz allowing authentication bypass.
Users are recommended to upgrade to version 18.12.12, that fixes the issue.
Credit:
YunPeng - 郭 运鹏 (finder)
References:
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.12".
Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.
http://ofbiz.apache.org/
"Apache OFBiz 18.12.12" is the
The vote was successful with 4 positive votes (all binding) and no
negative votes.
Thank you,
Jacopo
On Tue, Feb 13, 2024 at 9:34 AM Jacopo Cappellato
wrote:
>
> This is the vote thread, third attempt, to publish "Apache OFBiz
> 18.12.12", twelfth
> release from the release18.12 branch.
>
>
+1
Regards,
Swapnil
-Original Message-
From: Jacopo Cappellato
Sent: 13 February 2024 02:04 PM
To: Dev list
Subject: [VOTE] [RELEASE] Apache OFBiz 18.12.12 - third attempt
This is the vote thread, third attempt, to publish "Apache OFBiz 18.12.12",
twelfth release from the release18.12
+1
Jacopo
On Tue, Feb 13, 2024 at 9:34 AM Jacopo Cappellato
wrote:
>
> This is the vote thread, third attempt, to publish "Apache OFBiz
> 18.12.12", twelfth
> release from the release18.12 branch.
>
> The release files can be downloaded from here:
> https://dist.apache.org/repos/dist/dev/ofbiz/
