This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git.


    from ba548f6  Merge branch 'JacquesLeRoux-POC-for-CSRF-Token-OFBIZ-11306' into trunk Because of GitHub message on PR56: This branch cannot be rebased due to conflicts
     new e0f0d52  Fixed: Prevent Host Header Injection (CVE-2019-12425)
     new 05354b7  Improved: prevent [rawtypes] found raw type: List at RequestHandler.java:89
     new ba707d4  Implemented: POC for CSRF Token (OFBIZ-11306)

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../src/main/java/org/apache/ofbiz/base/util/UtilMisc.java  | 13 +++++++++++++
 framework/security/config/security.properties               | 13 ++++++++++---
 .../src/main/java/org/apache/ofbiz/security/CsrfUtil.java   |  2 +-
 .../org/apache/ofbiz/webapp/control/RequestHandler.java     | 11 ++++++++++-
 4 files changed, 34 insertions(+), 5 deletions(-)
