Hi Michael,

I'll backport to R17 and R17 because this will be needed to fix the CSRF 
vulnerability.

I was not clear in what I said. Actually the CSRF fix (OFBIZ-11316) depends upon OFBIZ-11317 because the CSRF fix uses the ofbizURL macro to set the CSRF token.

So without the changes in OFBIZ-11317 the ofbizURL macro would not apply to the cases fixed in OFBIZ-11317 and the CSRF vulnerability would not be fixed there.

So I should not even ask this question: OFBIZ-11316 depends on OFBIZ-11317, so 
OFBIZ-11317 needs to be backported.

I set all that already (as the link between OFBIZ-11316 and OFBIZ-11317 shows) 
but forgot about it.

Case closed, thanks for caring.

Jacques

On 12/02/2020 at 16:49, Michael Brohl wrote:
Hi Jacques,

what exactly are you going to do? And why?

OFBIZ-11317 contains a huge patch and we should be really careful backporting 
IMO.

Regards,

Michael Brohl

ecomify GmbH - www.ecomify.de


On 12.02.20 at 16:08, Jacques Le Roux wrote:
Hi All,

Even if OFBIZ-11306 does not directly depend upon it, it's safer to have been 
backported with it.

If nobody disagrees, I'll do so in a week.

Thanks

Jacques

