This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push:
new f76c08b0ac Fixed: Upgrade Apache Shiro to 1.13.0 to fix CVE-2023-46750
(OFBIZ-12866)
f76c08b0ac is described below
commit f76c08b0ac64de35fcc458e2ef2a6660507502e0
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Wed Nov 15 10:42:30 2023 +0100
Fixed: Upgrade Apache Shiro to 1.13.0 to fix CVE-2023-46750 (OFBIZ-12866)
This makes loadAll Gradle task compatible and allows OFBiz to load
---
.../base/src/main/java/org/apache/ofbiz/base/crypto/DesCrypt.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git
a/framework/base/src/main/java/org/apache/ofbiz/base/crypto/DesCrypt.java
b/framework/base/src/main/java/org/apache/ofbiz/base/crypto/DesCrypt.java
index 924b4b65c5..0d907bfe41 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/crypto/DesCrypt.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/crypto/DesCrypt.java
@@ -130,9 +130,11 @@ public class DesCrypt {
// return a cipher for a key - DESede/CBC/PKCS5Padding with random IV
protected static Cipher getCipher(Key key, int mode, IvParameterSpec iv)
throws GeneralException {
// create the Cipher - DESede/CBC/PKCS5Padding
+ // create the Cipher - AES/CBC/PKCS5Padding
Cipher cipher = null;
try {
- cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
+ //cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
+ cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
throw new GeneralException(e);
}
