[ https://issues.apache.org/jira/browse/OFBIZ-13130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17899971#comment-17899971 ]
Jacques Le Roux commented on OFBIZ-13130: ----------------------------------------- I have checked using https://www.utilities-online.info/xsdvalidation and https://www.liquid-technologies.com/online-xsd-validator Both validate, the error must come from Eclipse, forget it. > [CVE-2024-45195] Add permission check for view-maps and change defaults for > request-maps > ---------------------------------------------------------------------------------------- > > Key: OFBIZ-13130 > URL: https://issues.apache.org/jira/browse/OFBIZ-13130 > Project: OFBiz > Issue Type: Sub-task > Components: ALL APPLICATIONS, ALL COMPONENTS, ALL PLUGINS > Affects Versions: 18.12.15 > Reporter: Sebastian Tschikin > Assignee: Sebastian Tschikin > Priority: Major > Fix For: 18.12.16 > > > If a user is not authorized, the system should not allow access to rendered > views. > Additionally, the default for the request-map paramerters "auth" and "https" > should be set to "true". > This improvement aims to enhance security by preventing unauthorized access. -- This message was sent by Atlassian Jira (v8.20.10#820010)