Thank you, Jacques, for adding the statement; however, I think it is time
to remove the entire section of 17.12.08 since we have enough releases
out of 18.12 already. The release 17.12.08 will always be available in
the archive.

Jacopo

On Sun, Jan 2, 2022 at 6:55 PM <jler...@apache.org> wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> jleroux pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
>      new a69cf9f  More information about security and EOL (End Of Life)
> a69cf9f is described below
>
> commit a69cf9f4cdeb1b23e3b1db30ada47b52aa7f3dd0
> Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
> AuthorDate: Sun Jan 2 18:55:24 2022 +0100
>
>     More information about security and EOL (End Of Life)
> ---
>  download.html                  | 2 +-
>  security.html                  | 2 +-
>  template/page/download.tpl.php | 2 +-
>  template/page/security.tpl.php | 2 +-
>  4 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/download.html b/download.html
> index be0b541..51a7d62 100644
> --- a/download.html
> +++ b/download.html
> @@ -198,7 +198,7 @@
>
>              <h2>Apache OFBiz 17.12.08</h2>
>              <div class="divider"><span></span></div>
> -            <p> Released on August 2021, this is the eighth and final 
> release of the 17.12 series, that has been stabilized since December 2017.</p>
> +            <p> Released on August 2021, this is the eighth and final 
> release of the 17.12 series, that has been stabilized since December 2017. 
> That means that the release17.12 branch has reached its End Of Life (EOL) and 
> is no longer supported from a security perspective</p>
>              <a 
> href="https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-17.12.08.zip"; 
> target="external" >Download OFBiz 17.12.08</a>
>              <a 
> href="https://downloads.apache.org/ofbiz/apache-ofbiz-17.12.08.zip.asc"; 
> target="external">[PGP]</a>
>              <a 
> href="https://downloads.apache.org/ofbiz/apache-ofbiz-17.12.08.zip.sha512"; 
> target="external">[SHA512]</a>
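Review bot: The added EOL sentence in the 17.12.08 paragraph ends at "from a security perspective</p>" with no closing period; add one before </p>. The notice is also appended to the end of the release description, directly above the still-active "Download OFBiz 17.12.08" link, so consider giving it its own <p> or wrapping it in <strong> (as security.html already does for its Jira pointer) so that someone heading straight for the link does not miss that the branch no longer receives security fixes.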
> diff --git a/security.html b/security.html
> index 12efce9..0a05ab9 100644
> --- a/security.html
> +++ b/security.html
> @@ -136,7 +136,7 @@
>              <p>Note that we no longer create CVEs for post-auth attacks done 
> using demo credentials, notably using the admin user.
>              <strong> <a href="https://s.apache.org/dsj2p";> Rather create 
> bugs reports in our issue tracker (Jira) for that.</a></strong></p>
>
> -            <p>The main reason why we no longer create CVEs for post-auth 
> attacks done using demo credentials is because
> +            <p>The main reason we no longer create CVEs for post-auth 
> attacks done using demo credentials is because
>              <a 
> href="https://ci.apache.org/projects/ofbiz/site/trunk/readme/html5/README.html#security";>
>  we highly suggest to OFBiz users to not use credentials demo in 
> production</a>
>               and we expect OFBiz users to do so. We also reject post-auth 
> vulnerabilities because we have a solid CSRF defense.</p>
>
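Review bot: Dropping "why" in the changed line still leaves "The main reason ... is because", which is the same redundancy moved elsewhere; "The main reason ... is that" reads cleanly. The commit subject mentions security and EOL information only, while this hunk is purely a wording change, so the commit message could say so.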
> diff --git a/template/page/download.tpl.php b/template/page/download.tpl.php
> index d4ec4d5..892cc2f 100644
> --- a/template/page/download.tpl.php
> +++ b/template/page/download.tpl.php
> @@ -87,7 +87,7 @@
>
>              <h2>Apache OFBiz 17.12.08</h2>
>              <div class="divider"><span></span></div>
> -            <p> Released on August 2021, this is the eighth and final 
> release of the 17.12 series, that has been stabilized since December 2017.</p>
> +            <p> Released on August 2021, this is the eighth and final 
> release of the 17.12 series, that has been stabilized since December 2017. 
> That means that the release17.12 branch has reached its End Of Life (EOL) and 
> is no longer supported from a security perspective</p>
>              <a 
> href="https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-17.12.08.zip"; 
> target="external" >Download OFBiz 17.12.08</a>
>              <a 
> href="https://downloads.apache.org/ofbiz/apache-ofbiz-17.12.08.zip.asc"; 
> target="external">[PGP]</a>
>              <a 
> href="https://downloads.apache.org/ofbiz/apache-ofbiz-17.12.08.zip.sha512"; 
> target="external">[SHA512]</a>
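Review bot: The missing period before </p> in the added EOL sentence is repeated here in template/page/download.tpl.php, which means the same text is being edited by hand in two files. If download.html is generated from this template, fix the sentence here and regenerate the page rather than patching both copies, so the two cannot drift apart.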
> diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
> index 532a9f7..c6ee66a 100644
> --- a/template/page/security.tpl.php
> +++ b/template/page/security.tpl.php
> @@ -25,7 +25,7 @@
>              <p>Note that we no longer create CVEs for post-auth attacks done 
> using demo credentials, notably using the admin user.
>              <strong> <a href="https://s.apache.org/dsj2p";> Rather create 
> bugs reports in our issue tracker (Jira) for that.</a></strong></p>
>
> -            <p>The main reason why we no longer create CVEs for post-auth 
> attacks done using demo credentials is because
> +            <p>The main reason we no longer create CVEs for post-auth 
> attacks done using demo credentials is because
>              <a 
> href="https://ci.apache.org/projects/ofbiz/site/trunk/readme/html5/README.html#security";>
>  we highly suggest to OFBiz users to not use credentials demo in 
> production</a>
>               and we expect OFBiz users to do so. We also reject post-auth 
> vulnerabilities because we have a solid CSRF defense.</p>
>
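Review bot: In the context lines around the changed sentence, "we highly suggest to OFBiz users to not use credentials demo in production and we expect OFBiz users to do so" is ambiguous, because "do so" can be read as referring to using the demo credentials. While this paragraph is being touched, reword it along the lines of "we strongly advise OFBiz users not to use demo credentials in production, and we expect them to follow that advice", in both this template and security.html.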
