[ https://issues.apache.org/jira/browse/OFBIZ-11348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17036835#comment-17036835 ]
ASF subversion and git services commented on OFBIZ-11348: --------------------------------------------------------- Commit 6e7f6a44954630bd4d204e736629adbb84996e49 in ofbiz-plugins's branch refs/heads/release17.12 from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=6e7f6a4 ] Improved: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11348) No functional change, simply amend the comment > Temporarily comment out the "stream" request-map in ecommerce controller for > security reason > -------------------------------------------------------------------------------------------- > > Key: OFBIZ-11348 > URL: https://issues.apache.org/jira/browse/OFBIZ-11348 > Project: OFBiz > Issue Type: Sub-task > Components: ecommerce > Affects Versions: Upcoming Branch, Release Branch 17.12, Release Branch > 18.12 > Reporter: Jacques Le Roux > Assignee: Jacques Le Roux > Priority: Blocker > Fix For: 17.12.01, Upcoming Branch, Release Branch 18.12 > > > A vulnerability has been reported to the OFBiz security team. To be able to > release the 17.12.01 version with this vulnerability fixed we need to > temporarily comment out the "stream" request-map in ecommerce controller. We > will later fix the specific issue in ecommerce to put back the > functionnalities allowed by the "stream" request-map in ecommerce controller. -- This message was sent by Atlassian Jira (v8.3.4#803005)