[ 
https://issues.apache.org/jira/browse/OFBIZ-11353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17036824#comment-17036824
 ] 

ASF subversion and git services commented on OFBIZ-11353:
---------------------------------------------------------

Commit 5684b4945362d47841e55c9f8d9abeb806a94f87 in ofbiz-framework's branch 
refs/heads/release17.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=5684b49 ]

Fixed: Temporarily comment out the "stream" request-map in ecommerce controller
for security reason
(OFBIZ-11353)

A vulnerability has been reported to the OFBiz security team. To be able to
release the 17.12.01 version with this vulnerability fixed we need to
temporarily comment out the "stream" request-map in commonext controller.
We will later fix the specific issue to put back the functionalities allowed by
the "stream" request-map in this controller, see OFBIZ-11349


> Temporarily comment out the "stream" request-map in commonext controller.xml 
> for security reason
> ------------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-11353
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11353
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: Upcoming Branch, Release Branch 17.12, Release Branch 
> 18.12
>            Reporter: Jacques Le Roux
>            Priority: Blocker
>
> A vulnerability has been reported to the OFBiz security team.  To be able to 
> release the 17.12.01 version with this vulnerability fixed we need to 
> temporarily comment out the "stream" request-map in commonext controller. We 
> will later fix the specific issue to put back the functionnalities allowed by 
> the "stream" request-map in commonext controller.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to