[ https://issues.apache.org/jira/browse/OFBIZ-11791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17608628#comment-17608628 ]

ASF subversion and git services commented on OFBIZ-11791:
---------------------------------------------------------

Commit 7ae78c2e3fd338683af3951f6da8bc5b418b0a6f in ofbiz-plugins's branch 
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=7ae78c2e3 ]

Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies. 
(CVE-2019-0235) (OFBIZ-11470)

I noticed while working on OFBIZ-11791 and after checking (it was 2 years ago)
that I did not put the SameSiteFilter in ecomseo web.xml file. I think it's
because I thought that ecomseo is duplicating ecommerce. But I forgot that it's
not the case for the web.xml file.


> Have simplified OFBiz URLs
> --------------------------
>
>                 Key: OFBIZ-11791
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11791
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ALL APPLICATIONS
>    Affects Versions: Trunk, Upcoming Branch
>            Reporter: Pierre Smits
>            Assignee: Jacques Le Roux
>            Priority: Major
>              Labels: refactoring, usability
>
> Currently all OFBiz web applications show as part of the urls /control/. This 
> however serves no function, and should thus be removed from use.
> This is a parent ticket capturing all appropriate and related tickets as 
> tasks to ensure proper mitigation and tracking. 
> See This was well advocated by Paul Foxworthy at 
> https://markmail.org/message/gzsdbqn3dyfpfetc and https://s.apache.org/93dl5 
> for the discussion.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
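
The gap described in the commit message above (one webapp's web.xml lacking the SameSiteFilter while its sibling had it) can be caught by auditing every web.xml in a source tree for a declared and mapped filter. This is an added example, not part of the original message or the OFBiz code base; it matches the filter by its simple class name only, and the `org.example` package and the sample descriptors are constructed.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

FILTER_CLASS = "SameSiteFilter"  # simple class name taken from the commit message


def _local(tag):
    """Strip the XML namespace so any servlet-spec version of web.xml parses alike."""
    return tag.rsplit("}", 1)[-1]


def _text(elem, name):
    """Text of the first direct child called `name`, or '' if absent."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def audit_web_xml(xml_data):
    """Return 'ok', 'unmapped' (declared but no filter-mapping) or 'missing'."""
    declared, mapped = set(), set()
    for elem in ET.fromstring(xml_data):
        kind = _local(elem.tag)
        if kind == "filter" and _text(elem, "filter-class").split(".")[-1] == FILTER_CLASS:
            declared.add(_text(elem, "filter-name"))
        elif kind == "filter-mapping":
            mapped.add(_text(elem, "filter-name"))
    if not declared:
        return "missing"
    return "ok" if declared & mapped else "unmapped"


def audit_tree(root):
    """Audit every web.xml under `root`; return {path: status} for non-'ok' files."""
    results = {}
    for path in sorted(Path(root).rglob("web.xml")):
        status = audit_web_xml(path.read_bytes())
        if status != "ok":
            results[str(path)] = status
    return results


def sample(filter_name, with_mapping=True):
    """Constructed web.xml; org.example is a placeholder package."""
    mapping = (f"<filter-mapping><filter-name>{filter_name}</filter-name>"
               "<url-pattern>/*</url-pattern></filter-mapping>") if with_mapping else ""
    return (f'<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><filter>'
            f"<filter-name>{filter_name}</filter-name>"
            f"<filter-class>org.example.{filter_name}</filter-class></filter>"
            f"{mapping}</web-app>")
```

Running `audit_tree` over a checkout in CI and failing the build on a non-empty result turns the two-year-old omission into a check that fails when a new webapp is added without the filter.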
