Hi I'm sorry, I forgot to mention here the same than for (CVE-2022-25370) for the mitigation.
Obviously there is no patch to apply since we waited [too] long for https://github.com/eclipse/birt/issues/625 to resolve but eventually decided to release OFBiz 18.12.06 with the Birt component disabled. My apologies Jacques Le 02/09/2022 à 08:34, Jacques Le Roux a écrit :
Severity: High Vendor: The Apache Software Foundation Versions Affected: OFBiz versions prior to 18.12.06 Description: The Birt viewer version 4.5.0 has a security issue that allows this exploit. We waited long for https://github.com/eclipse/birt/issues/625 to resolve but eventually decided to release OFBiz 18.12.06 without the Birt component Mitigation: Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-... Credit: [email protected] References: http://ofbiz.apache.org/download.html#vulnerabilities
