Author: deepak
Date: Thu Apr 12 18:19:47 2018
New Revision: 1828996
URL: http://svn.apache.org/viewvc?rev=1828996&view=rev
Log:
Moved security vulnerabilities section from downloads page to new security.html
page
Added:
ofbiz/site/security.html (with props)
ofbiz/site/template/page/security.tpl.php
- copied, changed from r1828994, ofbiz/site/template/page/download.tpl.php
Modified:
ofbiz/site/download.html
ofbiz/site/template/page/download.tpl.php
Modified: ofbiz/site/download.html
URL:
http://svn.apache.org/viewvc/ofbiz/site/download.html?rev=1828996&r1=1828995&r2=1828996&view=diff
==============================================================================
--- ofbiz/site/download.html (original)
+++ ofbiz/site/download.html Thu Apr 12 18:19:47 2018
@@ -165,28 +165,7 @@
<div class="divider"><span></span></div>
<p>Older superseded releases of Apache OFBiz can be found in the
<a href="//archive.apache.org/dist/ofbiz/" target="external">Apache OFBiz
archive</a></p>
<p><strong>NOTE: To avoid any security vulnerabilities the Apache
OFBiz community highly recommend that all users upgrade to the latest stable
release.</strong></p>
- <p> A descriptions of each release in the history of OFBiz can be <a
href="//www.apache.org/dist/ofbiz/" target="external">found here</a></p>
- <h2><a id="security"></a>Security Vulnerabilities</h2>
- <div class="divider"><span></span></div>
- <p> <strong> We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
secur...@ofbiz.apache.org or secur...@apache.org), before disclosing them in a
public forum.</strong></p>
-<p>Please see the <a href="https://www.apache.org/security";
target="external">ASF Security Team webpage</a> for further information about
reporting a security vulnerability as well as their contact information. </p>
-
- <h3>List of Known Vulnerabilities</h3>
- <ul class="iconsList">
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15714"
target="external">CVE-2017-15714</a>; affected releases: from 16.11.01 to
16.11.03; fixed in 16.11.04 with revision <a
href="//svn.apache.org/viewvc?view=revision&revision=1818482"
target="external">1759065</a></li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6800"
target="external">CVE-2016-6800</a>; affected releases: 13.07.*, 12.04.*,
11.04.*; fixed in 16.11.01 with revisions <a
href="//svn.apache.org/viewvc?view=revision&revision=1759065"
target="external">1759065</a> and <a
href="//svn.apache.org/viewvc?view=revision&revision=1759218"
target="external"> 1759218</a></li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4462"
target="external">CVE-2016-4462</a>; affected releases: 13.07.*, 12.04.*,
11.04.*; fixed in 16.11.01 with revisions <a
href="//svn.apache.org/viewvc?view=revision&revision=1761978"
target="external">1761978</a>, <a
href="//svn.apache.org/viewvc?view=revision&revision=1761986"
target="external">1761986</a> and <a
href="//svn.apache.org/viewvc?view=revision&revision=1761987"
target="external"> 1761987</a></li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2170"
target="external">CVE-2016-2170</a>; affected releases: 13.07.02 and earlier
versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03
and 12.04.06</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3268"
target="external">CVE-2015-3268</a>; affected releases: 13.07.02 and earlier
versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03
and 12.04.06</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0232"
target="external">CVE-2014-0232</a>; affected releases: 12.04.03 and earlier
versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04
and 11.04.05</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2250"
target="external">CVE-2013-2250</a>; affected releases: 12.04.01, 11.04.02 and
earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in
12.04.02, 11.04.03 and 10.04.06</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2137"
target="external">CVE-2013-2137</a>; affected releases: 12.04.01, 11.04.02 and
earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in
12.04.02, 11.04.03 and 10.04.06</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0177"
target="external">CVE-2013-0177</a>; affected releases: 11.04.01, 10.04.04 and
earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3506"
target="external">CVE-2012-3506</a>; affected releases: 10.04.02, 10.04
(10.04.01); fixed in 10.04.03</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1622"
target="external">CVE-2012-1622</a>; affected releases: 10.04 (10.04.01); fixed
in 10.04.02</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1621"
target="external">CVE-2012-1621</a>; affected releases: 10.04 (10.04.01); fixed
in 10.04.02</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0432"
target="external">CVE-2010-0432</a>; affected releases: 09.04; fixed in
09.04.01</li>
- </ul>
+ <p> A descriptions of each release in the history of OFBiz can be
<a href="//www.apache.org/dist/ofbiz/" target="external">found here</a></p>
</div>
</div>
</div>
Added: ofbiz/site/security.html
URL: http://svn.apache.org/viewvc/ofbiz/site/security.html?rev=1828996&view=auto
==============================================================================
--- ofbiz/site/security.html (added)
+++ ofbiz/site/security.html Thu Apr 12 18:19:47 2018
@@ -0,0 +1,236 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--[if lt IE 7 ]><html class="ie ie6" lang="en"> <![endif]-->
+<!--[if IE 7 ]><html class="ie ie7" lang="en"> <![endif]-->
+<!--[if IE 8 ]><html class="ie ie8" lang="en"> <![endif]-->
+<!--[if (gte IE 9)|!(IE)]><!-->
+<head>
+<meta charset="utf-8">
+<title>The Apache OFBiz® Project - Security</title>
+<meta name="Description" content="OFBiz is an open source enterprise
automation software project licensed under the Apache License. It means you are
not alone and can work with many others." />
+<meta name="Robots" content="index,follow" />
+<!-- Mobile Specific Metas
+ ================================================== -->
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<!-- CSS
+ ================================================== -->
+<!-- Bootstrap -->
+<link type="text/css" rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
+<!-- web font -->
+<link href="//fonts.googleapis.com/css?family=Open+Sans:400,300,800"
rel="stylesheet" type="text/css">
+<!-- plugin css -->
+<link rel="stylesheet" type="text/css"
href="js/plugins/pretty-photo/css/prettyPhoto.css" />
+<link rel="stylesheet" type="text/css"
href="js/plugins/rs-plugin/css/settings.css" media="screen" />
+<link type="text/css" rel="stylesheet"
href="js/plugins/hoverdir/css/style.css">
+<!-- icon fonts -->
+<link type="text/css" rel="stylesheet"
href="font-icons/custom-icons/css/custom-icons.css">
+<link type="text/css" rel="stylesheet"
href="font-icons/custom-icons/css/custom-icons-ie7.css">
+<!-- Custom css -->
+<link type="text/css" rel="stylesheet" href="css/layout.css">
+<link type="text/css" id="colors" rel="stylesheet" href="css/colors.css">
+<!--[if lt IE 9]><script
src="//html5shim.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
+<!--[if gte IE 9]><style type="text/css">.iconBig, .active, .hover a , .Shover
a { filter: none !important; } </style> <![endif]-->
+<script src="js/modernizr-2.6.1.min.js"></script>
+<!-- Favicons
+ ================================================== -->
+<link rel="shortcut icon" href="images/favicon.ico">
+<link rel="apple-touch-icon" href="images/apple-icon.png">
+<link rel="apple-touch-icon" sizes="72x72" href="images/apple-icon-72x72.png">
+<link rel="apple-touch-icon" sizes="114x114"
href="images/apple-icon-114x114.png">
+<link rel="apple-touch-icon" sizes="144x144"
href="images/apple-icon-144x144.png">
+</head>
+<body>
+<!-- header -->
+<header id="mainHeader" class="clearfix">
+ <div class="navbar navbar-fixed-top">
+ <div class="navbar-inner">
+ <div class="container"> <a href="index.html" class="brand"><img
src="images/ofbiz_logo.png" alt="Apache OFBiz Logo"/></a>
+ <nav id="mainMenu" class="clearfix">
+ <ul>
+ <li><a href="index.html" class="firstLevel">Home</a></li>
+ <li><a href="#" class="firstLevel">Getting Started</a>
+ <ul>
+ <li><a href="developers.html" class="">Developers</a></li>
+ <li><a href="business-users.html" class="last">Business
Users</a></li>
+ </ul>
+ </li>
+ <li><a href="#" class="firstLevel">News</a>
+ <ul>
+ <li><a href="//twitter.com/apacheofbiz"
target="external">Twitter</a></li>
+ <li><a href="//blogs.apache.org/ofbiz/" target="external"
class="last">Blog</a></li>
+ </ul>
+ </li>
+ <li><a href="#" class="firstLevel">Documentation</a>
+ <ul>
+ <li><a
href="//cwiki.apache.org/confluence/display/OFBIZ/Documentation#Documentation-End-UserDocumentation"
target="external" class="">User Documentation</a></li>
+ <li><a
href="//cwiki.apache.org/confluence/display/OFBIZ/Technical+Documentation"
target="external" class="">Technical Documentation</a></li>
+ <li><a href="//cwiki.apache.org/confluence/display/OFBIZ/Home"
target="external" class="">Wiki</a></li>
+ <li><a href="//ci.apache.org/projects/ofbiz/site/javadocs/"
target="external" class="last">API Reference</a></li>
+ </ul>
+ </li>
+ <li><a href="#" class="firstLevel">Community</a>
+ <ul>
+ <li><a href="getting-involved.html">Getting Involved</a></li>
+ <li><a href="mailing-lists.html">Mailing Lists</a></li>
+ <li><a href="source-repositories.html">Source
Repository</a></li>
+ <li><a href="download.html">Downloads</a></li>
+ <li><a
href="//issues.apache.org/jira/browse/OFBIZ/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel"
target="external" >Issue Tracker</a></li>
+ <li><a href="faqs.html" class="last">FAQ</a></li>
+ </ul>
+ </li>
+ <li><a href="ofbiz-demos.html" class="firstLevel">Demos</a></li>
+ <li>
+ <a href="//twitter.com/ApacheOfbiz"
class="icon-twitter-bird socialIcon tips"
+ target="external" title="follow us on
Twitter"><span>twitter</span></a>
+ </li>
+ <li><a href="//www.youtube.com/user/ofbiz" class="icon-play
socialIcon tips" title="follow us on Youtube"><span>Youtube</span></a></li>
+ <li><a
href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal"
class="icon-facebook socialIcon tips" title="follow us on
Facebook"><span>facebook</span></a></li>
+ <!--<li><a href="#" class="icon-rss socialIcon tips"
title="Our rss feed"><span>rss feed</span></a></li>
+ <li><a href="#" class="icon-gplus socialIcon tips"
title="follow us on Google +"><span>google +</span></a></li>
+ <li><a href="#" class="icon-instagram socialIcon tips"
title="follow us on Instagram"><span>instagram</span></a></li>
+ <li><a href="#" class="icon-linkedin socialIcon tips"
title="follow us on Linkedin"><span>linkedin</span></a></li>
+ <li><a href="#" class="icon-pinterest-circled socialIcon
tips" title="follow us on Pinterest"><span>Pinterest</span></a></li>-->
+ </ul>
+ </nav>
+ </div>
+ </div>
+ </div>
+</header>
+<!-- header -->
+<!-- globalWrapper -->
+<div id="globalWrapper">
+
+<!-- content -->
+ <!-- page content -->
+ <section id="content" class="sidebar">
+ <header class="headerPage">
+ <div class="container clearfix">
+ <div class="row">
+ <h1 class="span8">Security</h1>
+ <div class="span4" id="navTrail"> <a href="index.html"
class="homeLink">home</a><span>/</span><a href="#">Community</a><span>/</span>
<span class="current">Security</span> </div>
+ </div>
+ </div>
+ </header>
+ <div class="slice clearfix">
+ <div class="container">
+ <div class="row">
+ <h2><a id="security"></a>Security Vulnerabilities</h2>
+ <div class="divider"><span></span></div>
+ <p> <strong> We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
secur...@ofbiz.apache.org or secur...@apache.org), before disclosing them in a
public forum.</strong></p>
+ <p>Please see the <a href="https://www.apache.org/security";
target="external">ASF Security Team webpage</a> for further information about
reporting a security vulnerability as well as their contact information. </p>
+
+ <h3>List of Known Vulnerabilities</h3>
+ <ul class="iconsList">
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15714"
target="external">CVE-2017-15714</a>; affected releases: from 16.11.01 to
16.11.03; fixed in 16.11.04 with revision <a
href="//svn.apache.org/viewvc?view=revision&revision=1818482"
target="external">1759065</a></li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6800"
target="external">CVE-2016-6800</a>; affected releases: 13.07.*, 12.04.*,
11.04.*; fixed in 16.11.01 with revisions <a
href="//svn.apache.org/viewvc?view=revision&revision=1759065"
target="external">1759065</a> and <a
href="//svn.apache.org/viewvc?view=revision&revision=1759218"
target="external"> 1759218</a></li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4462"
target="external">CVE-2016-4462</a>; affected releases: 13.07.*, 12.04.*,
11.04.*; fixed in 16.11.01 with revisions <a
href="//svn.apache.org/viewvc?view=revision&revision=1761978"
target="external">1761978</a>, <a
href="//svn.apache.org/viewvc?view=revision&revision=1761986"
target="external">1761986</a> and <a
href="//svn.apache.org/viewvc?view=revision&revision=1761987"
target="external"> 1761987</a></li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2170"
target="external">CVE-2016-2170</a>; affected releases: 13.07.02 and earlier
versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03
and 12.04.06</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3268"
target="external">CVE-2015-3268</a>; affected releases: 13.07.02 and earlier
versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03
and 12.04.06</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0232"
target="external">CVE-2014-0232</a>; affected releases: 12.04.03 and earlier
versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04
and 11.04.05</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2250"
target="external">CVE-2013-2250</a>; affected releases: 12.04.01, 11.04.02 and
earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in
12.04.02, 11.04.03 and 10.04.06</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2137"
target="external">CVE-2013-2137</a>; affected releases: 12.04.01, 11.04.02 and
earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in
12.04.02, 11.04.03 and 10.04.06</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0177"
target="external">CVE-2013-0177</a>; affected releases: 11.04.01, 10.04.04 and
earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3506"
target="external">CVE-2012-3506</a>; affected releases: 10.04.02, 10.04
(10.04.01); fixed in 10.04.03</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1622"
target="external">CVE-2012-1622</a>; affected releases: 10.04 (10.04.01); fixed
in 10.04.02</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1621"
target="external">CVE-2012-1621</a>; affected releases: 10.04 (10.04.01); fixed
in 10.04.02</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0432"
target="external">CVE-2010-0432</a>; affected releases: 09.04; fixed in
09.04.01</li>
+ </ul>
+ </div>
+ </div>
+ </div>
+ </section>
+
+<!-- content -->
+<!-- footer -->
+<footer class="footer1">
+ <div class="container" id="footer">
+ <div class="row">
+ <div class="span6 timelineWidget">
+ <h2>Latest tweets</h2>
+ <!--div class="divider"><span></span></div>
+ <ul class="socialNetwork nav">
+ <li>
+ <a href="//twitter.com/ApacheOfbiz" class="icon-twitter-bird
socialIcon tips"
+ target="external" title="follow us on
Twitter"><span>twitter</span></a>
+ </li>
+ <li><a href="//www.youtube.com/user/ofbiz" class="icon-play
socialIcon tips" title="follow us on Youtube"><span>Youtube</span></a></li>
+ <li><a
href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal"
class="icon-facebook socialIcon tips" title="follow us on
Facebook"><span>facebook</span></a></li>
+ <!--<li><a href="#" class="icon-rss socialIcon tips" title="Our rss
feed"><span>rss feed</span></a></li>
+ <li><a href="#" class="icon-gplus socialIcon tips" title="follow us
on Google +"><span>google +</span></a></li>
+ <li><a href="#" class="icon-instagram socialIcon tips"
title="follow us on Instagram"><span>instagram</span></a></li>
+ <li><a href="#" class="icon-linkedin socialIcon tips" title="follow
us on Linkedin"><span>linkedin</span></a></li>
+ <li><a href="#" class="icon-pinterest-circled socialIcon tips"
title="follow us on Pinterest"><span>Pinterest</span></a></li>-->
+ </ul-->
+ <div id="twitterFrame"> <a class="twitter-timeline"
href="//twitter.com/ApacheOfbiz?height=250" data-widget-id="588661945194192896"
data-tweet-limit="2" data-theme="dark" data-chrome="nofooter noheader
transparent" >Tweets by @ApacheOfbiz</a>
+ <script>!function(d,s,id){var
js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+"://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
+ </div>
+ </div>
+ <div class="span3 contactWidget">
+ <h2>Contact Community</h2>
+ <div class="divider"><span></span></div>
+ <ul>
+ <li><a href="mailing-lists.html">Mailing Lists</a></li>
+ <li><a href="source-repositories.html">Source Repository
(SVN)</a></li>
+ <li><a href="//issues.apache.org/jira/browse/OFBIZ"
target="external">Issue Tracker (Jira)</a></li>
+ <li><a href="//www.youtube.com/user/ofbiz" target="external">OFBiz
Youtube Channel</a></li>
+ <li><a href="//vimeo.com/channels/apacheofbiz"
target="external">OFBiz Vimeo Channel</a></li>
+ <li><a href="//www.hipchat.com/gGlwdXZZl" target="external">OFBiz
HipChat Room</a></li>
+ </ul>
+ </div>
+ <div class="span3 sociallWidget">
+ <h2>ASF Information</h2>
+ <div class="divider"><span></span></div>
+ <ul>
+ <li><a href="https://www.apache.org/foundation/";
target="external">Apache Software Foundation</a></li>
+ <li><a href="https://www.apache.org/events/current-event";
target="external">Events</a></li>
+ <li><a href="https://www.apache.org/foundation/sponsorship.html";
target="external">Sponsorship</a></li>
+ <li><a href="https://www.apache.org/foundation/thanks.html";
target="external">Thanks</a></li>
+ <li><a href="download.html#security">Security</a></li>
+ </ul>
+ </div>
+ </div>
+ </div>
+</footer>
+<footer class="footer2" id="footerRights">
+ <div class="container">
+ <div class="row">
+ <div class="span12">
+ <p>
+ Copyright © 2018 The Apache Software Foundation.
+ <a href="https://www.apache.org/licenses/";
target="external">Licensed under the Apache License, Version 2.0</a>.<br/>
+ Apache OFBiz, OFBiz, the project logo and the Apache feather logo
are trademarks of <a href="https://www.apache.org/"; target="external">The
Apache Software Foundation.</a>
+ </p>
+ </div>
+ </div>
+ </div>
+</footer>
+<!-- footer -->
+</div>
+<!-- globalWrapper -->
+<script type="text/javascript"
src="js/plugins/respond/respond.min.js"></script>
+<script type="text/javascript" src="js/jquery-1.8.2.min.js"></script>
+<script type="text/javascript"
src="js/plugins/jquery-ui/jquery-ui-1.8.23.custom.min.js"></script>
+<!-- third party plugins -->
+<script type="text/javascript" src="bootstrap/js/bootstrap.js"></script>
+<script type="text/javascript"
src="bootstrap/js/bootstrap-carousel.js"></script>
+<script type="text/javascript"
src="js/plugins/easing/jquery.easing.1.3.js"></script>
+<script type="text/javascript"
src="js/plugins/pretty-photo/js/jquery.prettyPhoto.js"></script>
+<script type="text/javascript"
src="js/plugins/hoverdir/jquery.hoverdir.js"></script>
+<!-- jQuery KenBurn Slider -->
+<script type="text/javascript"
src="js/plugins/rs-plugin/js/jquery.themepunch.plugins.min.js"></script>
+<script type="text/javascript"
src="js/plugins/rs-plugin/js/jquery.themepunch.revolution.min.js"></script>
+<!-- Custom -->
+<script type="text/javascript" src="js/custom.js"></script>
+<script type="text/javascript">
+ var _gaq = _gaq || [];
+ _gaq.push(['_setAccount', UA]);
+ _gaq.push(['_trackPageview']);
+
+ (function() {
+ var ga = document.createElement('script'); ga.type =
'text/javascript'; ga.async = true;
+ ga.src = ('https:' == document.location.protocol ? 'https://ssl' :
'http://www') + '.google-analytics.com/ga.js';
+ var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(ga, s);
+ })();
+</script>
+</body>
+</html>
Propchange: ofbiz/site/security.html
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: ofbiz/site/security.html
------------------------------------------------------------------------------
svn:keywords = Date Rev Author URL Id
Propchange: ofbiz/site/security.html
------------------------------------------------------------------------------
svn:mime-type = text/html
Modified: ofbiz/site/template/page/download.tpl.php
URL:
http://svn.apache.org/viewvc/ofbiz/site/template/page/download.tpl.php?rev=1828996&r1=1828995&r2=1828996&view=diff
==============================================================================
--- ofbiz/site/template/page/download.tpl.php (original)
+++ ofbiz/site/template/page/download.tpl.php Thu Apr 12 18:19:47 2018
@@ -67,28 +67,7 @@
<div class="divider"><span></span></div>
<p>Older superseded releases of Apache OFBiz can be found in the
<a href="//archive.apache.org/dist/ofbiz/" target="external">Apache OFBiz
archive</a></p>
<p><strong>NOTE: To avoid any security vulnerabilities the Apache
OFBiz community highly recommend that all users upgrade to the latest stable
release.</strong></p>
- <p> A descriptions of each release in the history of OFBiz can be <a
href="//www.apache.org/dist/ofbiz/" target="external">found here</a></p>
- <h2><a id="security"></a>Security Vulnerabilities</h2>
- <div class="divider"><span></span></div>
- <p> <strong> We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
secur...@ofbiz.apache.org or secur...@apache.org), before disclosing them in a
public forum.</strong></p>
-<p>Please see the <a href="https://www.apache.org/security";
target="external">ASF Security Team webpage</a> for further information about
reporting a security vulnerability as well as their contact information. </p>
-
- <h3>List of Known Vulnerabilities</h3>
- <ul class="iconsList">
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15714"
target="external">CVE-2017-15714</a>; affected releases: from 16.11.01 to
16.11.03; fixed in 16.11.04 with revision <a
href="//svn.apache.org/viewvc?view=revision&revision=1818482"
target="external">1759065</a></li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6800"
target="external">CVE-2016-6800</a>; affected releases: 13.07.*, 12.04.*,
11.04.*; fixed in 16.11.01 with revisions <a
href="//svn.apache.org/viewvc?view=revision&revision=1759065"
target="external">1759065</a> and <a
href="//svn.apache.org/viewvc?view=revision&revision=1759218"
target="external"> 1759218</a></li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4462"
target="external">CVE-2016-4462</a>; affected releases: 13.07.*, 12.04.*,
11.04.*; fixed in 16.11.01 with revisions <a
href="//svn.apache.org/viewvc?view=revision&revision=1761978"
target="external">1761978</a>, <a
href="//svn.apache.org/viewvc?view=revision&revision=1761986"
target="external">1761986</a> and <a
href="//svn.apache.org/viewvc?view=revision&revision=1761987"
target="external"> 1761987</a></li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2170"
target="external">CVE-2016-2170</a>; affected releases: 13.07.02 and earlier
versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03
and 12.04.06</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3268"
target="external">CVE-2015-3268</a>; affected releases: 13.07.02 and earlier
versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03
and 12.04.06</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0232"
target="external">CVE-2014-0232</a>; affected releases: 12.04.03 and earlier
versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04
and 11.04.05</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2250"
target="external">CVE-2013-2250</a>; affected releases: 12.04.01, 11.04.02 and
earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in
12.04.02, 11.04.03 and 10.04.06</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2137"
target="external">CVE-2013-2137</a>; affected releases: 12.04.01, 11.04.02 and
earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in
12.04.02, 11.04.03 and 10.04.06</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0177"
target="external">CVE-2013-0177</a>; affected releases: 11.04.01, 10.04.04 and
earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3506"
target="external">CVE-2012-3506</a>; affected releases: 10.04.02, 10.04
(10.04.01); fixed in 10.04.03</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1622"
target="external">CVE-2012-1622</a>; affected releases: 10.04 (10.04.01); fixed
in 10.04.02</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1621"
target="external">CVE-2012-1621</a>; affected releases: 10.04 (10.04.01); fixed
in 10.04.02</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0432"
target="external">CVE-2010-0432</a>; affected releases: 09.04; fixed in
09.04.01</li>
- </ul>
+ <p> A descriptions of each release in the history of OFBiz can be
<a href="//www.apache.org/dist/ofbiz/" target="external">found here</a></p>
</div>
</div>
</div>
Copied: ofbiz/site/template/page/security.tpl.php (from r1828994,
ofbiz/site/template/page/download.tpl.php)
URL:
http://svn.apache.org/viewvc/ofbiz/site/template/page/security.tpl.php?p2=ofbiz/site/template/page/security.tpl.php&p1=ofbiz/site/template/page/download.tpl.php&r1=1828994&r2=1828996&rev=1828996&view=diff
==============================================================================
--- ofbiz/site/template/page/download.tpl.php (original)
+++ ofbiz/site/template/page/security.tpl.php Thu Apr 12 18:19:47 2018
@@ -1,5 +1,5 @@
<?php //Variable declarations for region templates
- $head_title = '<title>The Apache OFBiz® Project - Downloads</title>';
+ $head_title = '<title>The Apache OFBiz® Project - Security</title>';
?>
<!-- content -->
@@ -8,89 +8,36 @@
<header class="headerPage">
<div class="container clearfix">
<div class="row">
- <h1 class="span8">Downloads</h1>
- <div class="span4" id="navTrail"> <a href="index.html"
class="homeLink">home</a><span>/</span><a href="#">Community</a><span>/</span>
<span class="current">Downloads</span> </div>
+ <h1 class="span8">Security</h1>
+ <div class="span4" id="navTrail"> <a href="index.html"
class="homeLink">home</a><span>/</span><a href="#">Community</a><span>/</span>
<span class="current">Security</span> </div>
</div>
</div>
</header>
<div class="slice clearfix">
<div class="container">
<div class="row">
- <!-- sidebar -->
- <aside class="span4" id="sidebar">
-
- <section class="widget blogUpdates">
- <h2>Releases for Download</h2>
- <div class="divider"><span></span></div>
- <ul class="nav nav-tabs " id="myTab">
- <li class="active"><a href="#tabs-1"
data-toggle="tab">Downloads</a></li>
- <li><a href="#tabs-2" data-toggle="tab">Release Notes</a></li>
- </ul>
- <div class="tab-content">
- <div class="tab-pane active" id="tabs-1">
- <ul>
- <li>
- <h2>OFBiz 16.11.04</h2>
- <a
href="//www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-16.11.04.zip"
target="external" class="moreLink">→ Download</a>
- </li>
- </ul>
- </div>
- <div class="tab-pane" id="tabs-2">
- <ul>
- <li>
- <h2>OFBiz 16.11.04</h2>
- <a href="release-notes-16.11.04.html"
class="moreLink">→ View</a>
- </li>
- </ul>
- </div>
- </div>
- </section>
- </aside>
- <!-- sidebar -->
- <div class="span8">
- <h2>Download Apache OFBiz</h2>
- <div class="divider"><span></span></div>
- <div class="imgWrapper"> <img src="images/Download.jpg" alt="image
fullwidth"> </div>
- <p> <strong> Use the links below to download Apache OFBiz releases
from the "Apache Download Mirrors" page. The download page also includes
instructions on how to verify the integrity of the release file using the
signature and hashes (PGP, MD5, SHA512) available for each release. </strong>
</p>
- <p> <strong>PLEASE NOTE:</strong> Despite our best efforts to
maintain up to three active release branches, support for older branches can
decrease because our project volunteers may be focused on other issues. We
recommend using releases from the most recent branch wherever possible. </p>
- <h2>Apache OFBiz 16.11.04</h2>
- <div class="divider"><span></span></div>
- <p> Released in January 2018, this is the fourth release of the
16.11 series, that has been stabilized since November 2016. </p>
- <a href
="//www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-16.11.04.zip"
target="external" >Download OFBiz 16.11.04</a>
- <a href
="//www.apache.org/dist/ofbiz/apache-ofbiz-16.11.04.zip.asc"
target="external">[PGP]</a>
- <a href
="//www.apache.org/dist/ofbiz/apache-ofbiz-16.11.04.zip.md5"
target="external">[MD5]</a>
- <a href
="//www.apache.org/dist/ofbiz/apache-ofbiz-16.11.04.zip.sha"
target="external">[SHA512]</a>
- <a href ="//www.apache.org/dist/ofbiz/KEYS"
target="external">[KEYS]</a>
- <a href ="release-notes-16.11.04.html">[Release Notes]</a>
-
- <h2>Earlier Releases</h2>
- <div class="divider"><span></span></div>
- <p>Older superseded releases of Apache OFBiz can be found in the
<a href="//archive.apache.org/dist/ofbiz/" target="external">Apache OFBiz
archive</a></p>
- <p><strong>NOTE: To avoid any security vulnerabilities the Apache
OFBiz community highly recommend that all users upgrade to the latest stable
release.</strong></p>
- <p> A descriptions of each release in the history of OFBiz can be <a
href="//www.apache.org/dist/ofbiz/" target="external">found here</a></p>
- <h2><a id="security"></a>Security Vulnerabilities</h2>
+ <h2><a id="security"></a>Security Vulnerabilities</h2>
<div class="divider"><span></span></div>
<p> <strong> We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
secur...@ofbiz.apache.org or secur...@apache.org), before disclosing them in a
public forum.</strong></p>
-<p>Please see the <a href="https://www.apache.org/security";
target="external">ASF Security Team webpage</a> for further information about
reporting a security vulnerability as well as their contact information. </p>
+ <p>Please see the <a href="https://www.apache.org/security";
target="external">ASF Security Team webpage</a> for further information about
reporting a security vulnerability as well as their contact information. </p>
<h3>List of Known Vulnerabilities</h3>
<ul class="iconsList">
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15714"
target="external">CVE-2017-15714</a>; affected releases: from 16.11.01 to
16.11.03; fixed in 16.11.04 with revision <a
href="//svn.apache.org/viewvc?view=revision&revision=1818482"
target="external">1759065</a></li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6800"
target="external">CVE-2016-6800</a>; affected releases: 13.07.*, 12.04.*,
11.04.*; fixed in 16.11.01 with revisions <a
href="//svn.apache.org/viewvc?view=revision&revision=1759065"
target="external">1759065</a> and <a
href="//svn.apache.org/viewvc?view=revision&revision=1759218"
target="external"> 1759218</a></li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4462"
target="external">CVE-2016-4462</a>; affected releases: 13.07.*, 12.04.*,
11.04.*; fixed in 16.11.01 with revisions <a
href="//svn.apache.org/viewvc?view=revision&revision=1761978"
target="external">1761978</a>, <a
href="//svn.apache.org/viewvc?view=revision&revision=1761986"
target="external">1761986</a> and <a
href="//svn.apache.org/viewvc?view=revision&revision=1761987"
target="external"> 1761987</a></li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2170"
target="external">CVE-2016-2170</a>; affected releases: 13.07.02 and earlier
versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03
and 12.04.06</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3268"
target="external">CVE-2015-3268</a>; affected releases: 13.07.02 and earlier
versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03
and 12.04.06</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0232"
target="external">CVE-2014-0232</a>; affected releases: 12.04.03 and earlier
versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04
and 11.04.05</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2250"
target="external">CVE-2013-2250</a>; affected releases: 12.04.01, 11.04.02 and
earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in
12.04.02, 11.04.03 and 10.04.06</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2137"
target="external">CVE-2013-2137</a>; affected releases: 12.04.01, 11.04.02 and
earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in
12.04.02, 11.04.03 and 10.04.06</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0177"
target="external">CVE-2013-0177</a>; affected releases: 11.04.01, 10.04.04 and
earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3506"
target="external">CVE-2012-3506</a>; affected releases: 10.04.02, 10.04
(10.04.01); fixed in 10.04.03</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1622"
target="external">CVE-2012-1622</a>; affected releases: 10.04 (10.04.01); fixed
in 10.04.02</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1621"
target="external">CVE-2012-1621</a>; affected releases: 10.04 (10.04.01); fixed
in 10.04.02</li>
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0432"
target="external">CVE-2010-0432</a>; affected releases: 09.04; fixed in
09.04.01</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15714"
target="external">CVE-2017-15714</a>; affected releases: from 16.11.01 to
16.11.03; fixed in 16.11.04 with revision <a
href="//svn.apache.org/viewvc?view=revision&revision=1818482"
target="external">1759065</a></li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6800"
target="external">CVE-2016-6800</a>; affected releases: 13.07.*, 12.04.*,
11.04.*; fixed in 16.11.01 with revisions <a
href="//svn.apache.org/viewvc?view=revision&revision=1759065"
target="external">1759065</a> and <a
href="//svn.apache.org/viewvc?view=revision&revision=1759218"
target="external"> 1759218</a></li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4462"
target="external">CVE-2016-4462</a>; affected releases: 13.07.*, 12.04.*,
11.04.*; fixed in 16.11.01 with revisions <a
href="//svn.apache.org/viewvc?view=revision&revision=1761978"
target="external">1761978</a>, <a
href="//svn.apache.org/viewvc?view=revision&revision=1761986"
target="external">1761986</a> and <a
href="//svn.apache.org/viewvc?view=revision&revision=1761987"
target="external"> 1761987</a></li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2170"
target="external">CVE-2016-2170</a>; affected releases: 13.07.02 and earlier
versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03
and 12.04.06</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3268"
target="external">CVE-2015-3268</a>; affected releases: 13.07.02 and earlier
versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03
and 12.04.06</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0232"
target="external">CVE-2014-0232</a>; affected releases: 12.04.03 and earlier
versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04
and 11.04.05</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2250"
target="external">CVE-2013-2250</a>; affected releases: 12.04.01, 11.04.02 and
earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in
12.04.02, 11.04.03 and 10.04.06</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2137"
target="external">CVE-2013-2137</a>; affected releases: 12.04.01, 11.04.02 and
earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in
12.04.02, 11.04.03 and 10.04.06</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0177"
target="external">CVE-2013-0177</a>; affected releases: 11.04.01, 10.04.04 and
earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3506"
target="external">CVE-2012-3506</a>; affected releases: 10.04.02, 10.04
(10.04.01); fixed in 10.04.03</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1622"
target="external">CVE-2012-1622</a>; affected releases: 10.04 (10.04.01); fixed
in 10.04.02</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1621"
target="external">CVE-2012-1621</a>; affected releases: 10.04 (10.04.01); fixed
in 10.04.02</li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0432"
target="external">CVE-2010-0432</a>; affected releases: 09.04; fixed in
09.04.01</li>
</ul>
</div>
- </div>
</div>
</div>
</section>
