This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push:
new ac554c3 Fixed: fixes a documentation link
ac554c3 is described below
commit ac554c35de0a322a50717cb67525f3f023815a1c
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Fri May 26 10:49:56 2023 +0200
Fixed: fixes a documentation link
The "we highly suggest to OFBiz users to not use credentials demo in
production"
link
---
security.html | 46 +++++++++++++++++++++---------------------
template/page/security.tpl.php | 18 ++++++++---------
2 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/security.html b/security.html
index d2abe77..eb9778a 100644
--- a/security.html
+++ b/security.html
@@ -82,7 +82,7 @@
</li>
<li><a href="#" class="firstLevel">Community</a>
<ul>
- <li><a href="getting-involved.html">Getting Involved</a></li>
+ <li><a href="getting-involved.html">Getting Involved</a></li>
<li><a href="mailing-lists.html">Mailing Lists</a></li>
<li><a href="source-repositories.html">Source
Repository</a></li>
<li><a href="download.html">Downloads</a></li>
@@ -91,18 +91,18 @@
</ul>
</li>
<li><a href="ofbiz-demos.html" class="firstLevel">Demos</a></li>
- <li>
- <a href="//twitter.com/ApacheOfbiz"
class="icon-twitter-bird socialIcon tips"
- target="external" title="follow us on
Twitter"><span>twitter</span></a>
- </li>
- <li><a href="//www.linkedin.com/company/apache-ofbiz/"
target="external" class="icon-linkedin socialIcon tips" title="follow us on
Linkedin"><span>linkedin</span></a></li>
- <li><a
href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal"
target="external" class="icon-facebook socialIcon tips" title="follow us on
Facebook"><span>facebook</span></a></li>
- <li><a href="//www.youtube.com/user/ofbiz" class="icon-play
socialIcon tips" target="external" title="follow us on
Youtube"><span>Youtube</span></a></li>
- <!--<li><a href="#" class="icon-rss socialIcon tips"
title="Our rss feed"><span>rss feed</span></a></li>
- <li><a href="#" class="icon-gplus socialIcon tips"
title="follow us on Google +"><span>google +</span></a></li>
- <li><a href="#" class="icon-instagram socialIcon tips"
title="follow us on Instagram"><span>instagram</span></a></li>
- <li><a href="#" class="icon-linkedin socialIcon tips"
title="follow us on Linkedin"><span>linkedin</span></a></li>
- <li><a href="#" class="icon-pinterest-circled socialIcon
tips" title="follow us on Pinterest"><span>Pinterest</span></a></li>-->
+ <li>
+ <a href="//twitter.com/ApacheOfbiz" class="icon-twitter-bird
socialIcon tips"
+ target="external" title="follow us on
Twitter"><span>twitter</span></a>
+ </li>
+ <li><a href="//www.linkedin.com/company/apache-ofbiz/" target="external"
class="icon-linkedin socialIcon tips" title="follow us on
Linkedin"><span>linkedin</span></a></li>
+ <li><a
href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal"
target="external" class="icon-facebook socialIcon tips" title="follow us on
Facebook"><span>facebook</span></a></li>
+ <li><a href="//www.youtube.com/user/ofbiz" class="icon-play socialIcon
tips" target="external" title="follow us on
Youtube"><span>Youtube</span></a></li>
+ <!--<li><a href="#" class="icon-rss socialIcon tips" title="Our rss
feed"><span>rss feed</span></a></li>
+ <li><a href="#" class="icon-gplus socialIcon tips" title="follow us on
Google +"><span>google +</span></a></li>
+ <li><a href="#" class="icon-instagram socialIcon tips" title="follow us
on Instagram"><span>instagram</span></a></li>
+ <li><a href="#" class="icon-linkedin socialIcon tips" title="follow us
on Linkedin"><span>linkedin</span></a></li>
+ <li><a href="#" class="icon-pinterest-circled socialIcon tips"
title="follow us on Pinterest"><span>Pinterest</span></a></li>-->
</ul>
</nav>
</div>
@@ -130,23 +130,23 @@
<h2><a id="security"></a>Security Vulnerabilities</h2>
<div class="divider"><span></span></div>
<p>Please see the <a href="https://www.apache.org/security";
target="external">ASF Security Team webpage</a> for further information about
reporting a security vulnerability as well as their contact information. </p>
-
+
<p><strong>We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
secur...@ofbiz.apache.org or secur...@apache.org),
before disclosing them in a public forum. Please don't pack
several vulnerabilities in the same report, send them one by one, thanks in
advance.</strong></p>
-
- <p>Note that we no longer create CVEs for post-auth attacks done
using demo credentials, notably using the admin user.
+
+ <p>Note that we no longer create CVEs for post-auth attacks done
using demo credentials, notably using the admin user.
<strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs
reports in our issue tracker (Jira) for that.</a><span style="color:red">
Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in
advance.</span></strong></p>
-
- <p>One of the reason we no longer create CVEs for post-auth
attacks done using demo credentials is because
- <a
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security";
target="external"> we highly suggest to OFBiz users to not use credentials demo
in production</a>
+
+ <p>One of the reason we no longer create CVEs for post-auth
attacks done using demo credentials is because
+ <a
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security";
target="external"> we highly suggest to OFBiz users to not use credentials
demo in production</a>
and we expect OFBiz users to do so.
- <a
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure";
target="external"> We also warn our users on the "Keeping OFBiz secure wiki
page".</a>
+ <a
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure";
target="external"> We also warn our users on the "Keeping OFBiz secure wiki
page".</a>
And finally, mostly we reject post-auth vulnerabilities because we
have a solid CSRF defense.</p>
-
+
<h3>List of Known Vulnerabilities</h3>
<ul class="iconsList">
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501"
target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed
in 18.12.07 with commit <a
href="https://github.com/apache/ofbiz-plugins/commit/582add7d3";
target="external">582add7d3</a></li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501"
target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed
in 18.12.07 with commit <a
href="https://github.com/apache/ofbiz-plugins/commit/582add7d3";
target="external">582add7d3</a></li>
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25813"
target="external">CVE-2022-25813</a>; affected releases before 18.12.06; fixed
in 18.12.06 with commits <a
href="https://github.com/apache/ofbiz-framework/commit/843b1c7e71";
target="external">843b1c7e71</a>, <a
href="https://github.com/apache/ofbiz-framework/commit/3797e60375";
target="external">3797e60375</a>, <a
href="https://github.com/apache/ofbiz-framework/commit/b24dcff344"; [...]
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29063"
target="external">CVE-2022-29063</a>; affected releases before 18.12.06; fixed
in 18.12.06 with commit <a
href="https://github.com/apache/ofbiz-plugins/commit/061252a80";
target="external">061252a80</a></li>
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29158"
target="external">CVE-2022-29158</a>; affected releases before 18.12.06; fixed
in 18.12.06 with commit <a
href="https://github.com/apache/ofbiz-framework/commit/ff92c4bc9";
target="external">ff92c4bc9</a></li>
@@ -244,7 +244,7 @@
<li><a
href="https://privacy.apache.org/policies/privacy-policy-public.html";
target="external">Privacy Policy</a></li>
<li><a href="https://www.apache.org/events/current-event";
target="external">Events</a></li>
<li><a href="https://www.apache.org/foundation/sponsorship.html";
target="external">Sponsorship</a>
- and <a
href="https://www.apache.org/foundation/contributing.html";
target="external">Donations</a>
+ and <a
href="https://www.apache.org/foundation/contributing.html";
target="external">Donations</a>
</li>
<li><a href="https://www.apache.org/foundation/thanks.html";
target="external">Thanks</a></li>
<li><a
href="https://ofbiz.apache.org/security.html";>Security</a></li>
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 297cde5..6932770 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -19,23 +19,23 @@
<h2><a id="security"></a>Security Vulnerabilities</h2>
<div class="divider"><span></span></div>
<p>Please see the <a href="https://www.apache.org/security";
target="external">ASF Security Team webpage</a> for further information about
reporting a security vulnerability as well as their contact information. </p>
-
+
<p><strong>We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
secur...@ofbiz.apache.org or secur...@apache.org),
before disclosing them in a public forum. Please don't pack
several vulnerabilities in the same report, send them one by one, thanks in
advance.</strong></p>
-
- <p>Note that we no longer create CVEs for post-auth attacks done
using demo credentials, notably using the admin user.
+
+ <p>Note that we no longer create CVEs for post-auth attacks done
using demo credentials, notably using the admin user.
<strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs
reports in our issue tracker (Jira) for that.</a><span style="color:red">
Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in
advance.</span></strong></p>
-
- <p>One of the reason we no longer create CVEs for post-auth
attacks done using demo credentials is because
- <a
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security";
target="external"> we highly suggest to OFBiz users to not use credentials demo
in production</a>
+
+ <p>One of the reason we no longer create CVEs for post-auth
attacks done using demo credentials is because
+ <a
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security";>
we highly suggest to OFBiz users to not use credentials demo in production</a>
and we expect OFBiz users to do so.
- <a
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure";
target="external"> We also warn our users on the "Keeping OFBiz secure wiki
page".</a>
+ <a
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure";
target="external"> We also warn our users on the "Keeping OFBiz secure wiki
page".</a>
And finally, mostly we reject post-auth vulnerabilities because we
have a solid CSRF defense.</p>
-
+
<h3>List of Known Vulnerabilities</h3>
<ul class="iconsList">
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501"
target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed
in 18.12.07 with commit <a
href="https://github.com/apache/ofbiz-plugins/commit/582add7d3";
target="external">582add7d3</a></li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501"
target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed
in 18.12.07 with commit <a
href="https://github.com/apache/ofbiz-plugins/commit/582add7d3";
target="external">582add7d3</a></li>
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25813"
target="external">CVE-2022-25813</a>; affected releases before 18.12.06; fixed
in 18.12.06 with commits <a
href="https://github.com/apache/ofbiz-framework/commit/843b1c7e71";
target="external">843b1c7e71</a>, <a
href="https://github.com/apache/ofbiz-framework/commit/3797e60375";
target="external">3797e60375</a>, <a
href="https://github.com/apache/ofbiz-framework/commit/b24dcff344"; [...]
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29063"
target="external">CVE-2022-29063</a>; affected releases before 18.12.06; fixed
in 18.12.06 with commit <a
href="https://github.com/apache/ofbiz-plugins/commit/061252a80";
target="external">061252a80</a></li>
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29158"
target="external">CVE-2022-29158</a>; affected releases before 18.12.06; fixed
in 18.12.06 with commit <a
href="https://github.com/apache/ofbiz-framework/commit/ff92c4bc9";
target="external">ff92c4bc9</a></li>
