JacquesLeRoux commented on PR #919: URL: https://github.com/apache/ofbiz-framework/pull/919#issuecomment-3591846755
Hi guys, Indeed it's annoying to not be able to enable only Birt when using Docker. Though we must know what that means. Long story short, the Birt component was disabled with [OFBIZ-12824](https://issues.apache.org/jira/browse/OFBIZ-12824) because of CVE-2022-25371. That does not prevent to use Birt in OFBiz. But so as far as we have not done the work needed by CVE-2014-3596 (see [OFBIZ-5744](https://issues.apache.org/jira/browse/OFBIZ-5744) for details) it can be used only locally (without any Internet connection) without fearing security attacks. Apart some rare cases*, the Birt component is mostly used for [flexible report](https://github.com/apache/ofbiz-plugins/blob/f8121753152a9317c302731e346475958984ffee/birt/src/docs/asciidoc/birt.adoc#L4). \* [If you search for the word Birt in Jira](https://issues.apache.org/jira/browse/OFBIZ-12231?jql=project%20%3D%20OFBIZ%20AND%20status%20in%20(Open%2C%20%22In%20Progress%22%2C%20Reopened%2C%20%22Patch%20Available%22)%20AND%20text%20~%20%22birt%22) Only OFBIZ-9340 OFBIZ-9382 OFBIZ-11079 OFBIZ-12231 are related To allow OFBiz users to use the birt component when using Docker, I suggest to comment in docker-entrypoint.sh about OFBIZ-13314 to allow them to revert the https://github.com/apache/ofbiz-framework/commit/c81c469ec4 commot. It's not even a big deal to do it by hand. What do you think ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
