This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release24.09 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit 8fdabf3a78c40a5760a2206bfb857322e20f6b1d Author: Jacques Le Roux <[email protected]> AuthorDate: Wed Sep 24 09:29:49 2025 +0200 Improved: we no longer use the notion of pre-auth and post-auth We rather use the security policy detailed at https://ofbiz.apache.org/security.html --- README.adoc | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/README.adoc b/README.adoc index e05198b1c4..577795370e 100644 --- a/README.adoc +++ b/README.adoc @@ -187,16 +187,6 @@ In case of problems visit our link:#further-reading[Further reading section]. [[security]] == Security -* If you find a pre-auth security issue, please report it to: security @ ofbiz.apache.org. -Once proper mitigations to the security issues are complete the OFBiz team will -disclose this information to the public mailing list. -* If you find a post-auth security issue, please https://s.apache.org/dsj2p[create a bug in our issue tracker (Jira)] . - -* If you want to use AJP on a non localhost OFBiz instance, you need to set the value of allowedRequestAttributesPattern -in framework/catalina/ofbiz-component.xml - -You can find more information about security in OFBiz at -https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure[Keeping OFBiz secure] [CAUTION] ==== @@ -205,6 +195,14 @@ In production never use the credentials contained in demo data. Not only the adm Also we recommend to not use Windows Server in production because we are not supporting specific Windows related security issues. ==== +* If you want to use AJP on a non localhost OFBiz instance, you need to set the value of allowedRequestAttributesPattern +in framework/catalina/ofbiz-component.xml + + +You can find more information about security in OFBiz at +https://ofbiz.apache.org/security.html[the official security page] + + [[build-system-syntax]] == Build system syntax
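Review bot: In the first hunk (@@ -187,16 +187,6 @@), removing both reporting bullets leaves the `== Security` section with no sentence that tells a reader how to report a vulnerability. The removed text named security @ ofbiz.apache.org and the Jira link, and nothing visible in the diff takes their place except a general link. Suggest keeping one line in this section stating that security issues are reported following the policy at https://ofbiz.apache.org/security.html, so someone reading only the README knows that page is the reporting entry point. The sentence about disclosing to the public mailing list once mitigations are complete is also dropped; please confirm the policy page covers it.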
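Review bot: In the second hunk (@@ -205,6 +195,14 @@), the link text `the official security page` does not say that the reporting policy now lives there, and the sentence around it still reads as "more information" only. Suggest wording such as "how to report a security issue and more information about security in OFBiz". The added lines also put two consecutive blank lines after the AJP bullet and two more before `[[build-system-syntax]]`; one blank line each is enough. This hunk replaces the cwiki "Keeping OFBiz secure" link removed in the first hunk, which the commit message does not mention; please confirm dropping that link is intended. The AJP bullet is now a single-item list sitting below the CAUTION block, so a short lead-in or turning it into a plain paragraph would read better.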

