This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push: new f76c08b0ac Fixed: Upgrade Apache Shiro to 1.13.0 to fix CVE-2023-46750 (OFBIZ-12866) f76c08b0ac is described below commit f76c08b0ac64de35fcc458e2ef2a6660507502e0 Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Wed Nov 15 10:42:30 2023 +0100 Fixed: Upgrade Apache Shiro to 1.13.0 to fix CVE-2023-46750 (OFBIZ-12866) This makes loadAll Gradle task compatible and allows OFBiz to load --- .../base/src/main/java/org/apache/ofbiz/base/crypto/DesCrypt.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/crypto/DesCrypt.java b/framework/base/src/main/java/org/apache/ofbiz/base/crypto/DesCrypt.java index 924b4b65c5..0d907bfe41 100644 --- a/framework/base/src/main/java/org/apache/ofbiz/base/crypto/DesCrypt.java +++ b/framework/base/src/main/java/org/apache/ofbiz/base/crypto/DesCrypt.java @@ -130,9 +130,11 @@ public class DesCrypt { // return a cipher for a key - DESede/CBC/PKCS5Padding with random IV protected static Cipher getCipher(Key key, int mode, IvParameterSpec iv) throws GeneralException { // create the Cipher - DESede/CBC/PKCS5Padding + // create the Cipher - AES/CBC/PKCS5Padding Cipher cipher = null; try { - cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding"); + //cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding"); + cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { throw new GeneralException(e); }