[jira] [Commented] (OFBIZ-13162) [SECURITY] (CVE-2024-48962) Enhance Parameter Encoding in MacroMenuRenderer

Sat, 30 Nov 2024 04:20:37 -0800 


    [ 
https://issues.apache.org/jira/browse/OFBIZ-13162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17902029#comment-17902029
 ] 

ASF subversion and git services commented on OFBIZ-13162:
---------------------------------------------------------

Commit b663c864a7da5450e684feec879ce3cd91a0973d in ofbiz-framework's branch 
refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=b663c864a7 ]

Reverted:  commits post to 761fb67d7f commit (OFBIZ-13162)

This is for a quick test on stable demo. It will be quickly reverted.

Revert "Improved: adds an OFBiz-Online-Documentation.adoc file.txt"
This reverts commit a1342e17b4bb6b4317018e57f3fdb5d3ca835386.

Revert "Improved: Prevent URL parameters manipulation (OFBIZ-13147)"
This reverts commit 59e79c6f39beb031cf2b476215b0701745725a64.

Revert "Fixed: [SECURITY]  Several CVEs in Apache Tomcat (OFBIZ-13180)"
This reverts commit a11e1fba91da54e59c4d7b22cd7562009558bc7f.

Revert "Improved: Prevent URL parameters manipulation (OFBIZ-13147)"
This reverts commit b15ffa06fc348c085ae178a77a4e4e83f610f4f8.

Revert "Fixed: Support non-breaking spaces in numeric strings (OFBIZ-13168)"
This reverts commit 98abd377d05530190ee954bee16768c7dc4adb59.

Revert "Fixed: Support non-breaking spaces in numeric strings (OFBIZ-13168)"
This reverts commit 8a3293a78756827ddaec42456f1b1da59e1e5e58.

Revert "Improved: Prevent URL parameters manipulation (OFBIZ-13147)"
This reverts commit de26aaebb484c7fdfe84b0efff52f31f8db5be8b.

Revert "Improved: updates README.adoc for JDK use, now 11"
This reverts commit 42d0ad8532a1eae80bce597c818ed1a453a9ca9c.


>  [SECURITY] (CVE-2024-48962) Enhance Parameter Encoding in MacroMenuRenderer
> ----------------------------------------------------------------------------
>
>                 Key: OFBIZ-13162
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-13162
>             Project: OFBiz
>          Issue Type: Sub-task
>            Reporter: Deepak Dixit
>            Assignee: Deepak Dixit
>            Priority: Major
>             Fix For: 18.12.17
>
>
> {{MacroMenuRenderer}} should utilize {{UtilCodec.SimpleEncoder}} to encode 
> parameter values when available.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to