[ https://issues.apache.org/jira/browse/OFBIZ-12324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17494581#comment-17494581 ]
ASF subversion and git services commented on OFBIZ-12324: --------------------------------------------------------- Commit cb5c385286e16009649fa0d052c68b28dfff0313 in ofbiz-framework's branch refs/heads/release18.12 from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=cb5c385 ] Improved: Create a deny list to reject webshell tokens (OFBIZ-12324) Prevents CSV injection (MS Excel or Open Office) > Create a deny list to reject webshell tokens > -------------------------------------------- > > Key: OFBIZ-12324 > URL: https://issues.apache.org/jira/browse/OFBIZ-12324 > Project: OFBiz > Issue Type: Improvement > Components: framework/security > Affects Versions: Trunk > Reporter: Jacques Le Roux > Assignee: Jacques Le Roux > Priority: Minor > Fix For: Release Branch 17.12, 18.12.01 > > > In OFBIZ-12305 I said > bq. Somehow related: I'll also soon extract the list of words used in > SecuredUpload::isValidText in a deniedWebShellWords property in > security.properties > This is it -- This message was sent by Atlassian Jira (v8.20.1#820001)