[
https://issues.apache.org/jira/browse/OFBIZ-13219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17940567#comment-17940567
]
ASF subversion and git services commented on OFBIZ-13219:
---------------------------------------------------------
Commit 2d414f870c5b39013e5df95a82066e1332110b43 in ofbiz-site's branch
refs/heads/master from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-site.git;h=2d414f8 ]
Fixed: [CVE-2025-30676] Only accept right URLs as referrer (OFBIZ-13219)
Fixes a backport "typo" (UtilValidate::isUrlInString is UtilValidate::isUrl in
24.09 and 18.12).
In the previous commit I missed changing VisitDetail.ftl. So I add the dba044c706
commit to the security page for CVE-2025-30676, following Nicolas's idea shared
privately: "Other security issues 'd be published by patch"
Hence people still using the 18.12 branch, and specifically 18.12.19, will be able
to "auto-update" and, as I said, "as long as it's reasonably possible..."
> [CVE-2025-30676] Only accept right URLs as referrer
> ---------------------------------------------------
>
> Key: OFBIZ-13219
> URL: https://issues.apache.org/jira/browse/OFBIZ-13219
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework/webapp, party
> Affects Versions: 18.12.18
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Minor
> Fix For: 18.12.19
>
>