HI Jacques, If the project still sees XMLRPC functionality as an important OFBiz service, we should work to get the CI to work with the tests. If the project feels it has outlived its usefulness, we should work to get this attic-ed.
Met vriendelijke groet, Pierre Smits *Proud* *contributor** of* Apache OFBiz <https://ofbiz.apache.org/> since 2008 (without privileges) Proud contributor to the ASF since 2006 *Apache Directory <https://directory.apache.org>, PMC Member* On Wed, Dec 15, 2021 at 5:24 PM Jacques Le Roux < jacques.le.r...@les7arts.com> wrote: > Le 14/12/2021 à 09:34, Jacques Le Roux a écrit : > > I also wonder if we should not get rid of Apache XMLRPC knowing that > it's no longer maintained: > https://github.com/advisories/GHSA-6vwp-35w3-xph8 > > A milder mitigation would be to simply comment out the 2 tests that fail > on BuildBot. That would allow to keep XMLRPC for those interested. Like > people working in a safe (ie no internet) environment. We also know that > only post-auth attacks are possible. > > Opinions? > > Jacques > >
