[ 
https://issues.apache.org/jira/browse/OFBIZ-13130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17899971#comment-17899971
 ] 

Jacques Le Roux commented on OFBIZ-13130:
-----------------------------------------

I have checked using  
https://www.utilities-online.info/xsdvalidation
and
https://www.liquid-technologies.com/online-xsd-validator

Both validate, the error must come from Eclipse, forget it.


> [CVE-2024-45195] Add permission check for view-maps and change defaults for 
> request-maps
> ----------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-13130
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-13130
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: ALL APPLICATIONS, ALL COMPONENTS, ALL PLUGINS
>    Affects Versions: 18.12.15
>            Reporter: Sebastian Tschikin
>            Assignee: Sebastian Tschikin
>            Priority: Major
>             Fix For: 18.12.16
>
>
> If a user is not authorized, the system should not allow access to rendered 
> views.
> Additionally, the default for the request-map paramerters "auth" and "https" 
> should be set to "true".
> This improvement aims to enhance security by preventing unauthorized access.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to