CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability
Severity: important Description: Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz.This issue affects Apache OFBiz: before 18.12.07. Required Configurations: Using the Solr plugin Solution: Upgrade to release 18.12.07 Credit: Skay (finder) References: https://lists.apache.org/list.html?annou...@apache.org https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html https://ofbiz.apache.org/ https://www.cve.org/CVERecord?id=CVE-2022-47501
[ANNOUNCE] Apache OFBiz 18.12.07 released
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 18.12.07". Apache OFBiz® is an open source product for the automation of enterprise processes that includes framework components and business applications. http://ofbiz.apache.org/ "Apache OFBiz 18.12.07" is the seventh and final release of the 18.12 series. For details of the changes introduced with this new version please refer to http://ofbiz.apache.org/release-notes-18.12.07.html The history of security related fixes included in each release is available here: https://ofbiz.apache.org/security.html The release files can be downloaded following the instructions in the OFBiz download page: http://ofbiz.apache.org/download.html
[VOTE] [RESULT] Apache OFBiz 18.12.07
The vote is successful with 8 positive votes, of which 7 binding votes, and no negative votes. Thank you! Jacopo On Mon, Apr 3, 2023 at 9:47 AM Jacopo Cappellato < jacopo.cappell...@gmail.com> wrote: > This is the vote thread to publish "Apache OFBiz 18.12.07", seventh > and probably final release from the release18.12 branch. > > The release files can be downloaded from here: > https://dist.apache.org/repos/dist/dev/ofbiz/ > and are: > * apache-ofbiz-18.12.07.zip > * KEYS: text file with keys > * apache-ofbiz-18.12.07.zip.asc: the detached signature file > * apache-ofbiz-18.12.07.zip.sha512: checksum file > > Please download and test the zip file and its signatures (for > instructions on testing the signatures see > http://www.apache.org/info/verification.html). > > Vote: > [ +1] release as Apache OFBiz 18.12.07 > [ -1] do not release > > This vote is open for at least 5 days. > > For more details about this process please refer to > http://www.apache.org/foundation/voting.html >
Re: [VOTE] Apache OFBiz 18.12.07
+1 Jacopo On Mon, Apr 3, 2023 at 9:47 AM Jacopo Cappellato < jacopo.cappell...@gmail.com> wrote: > This is the vote thread to publish "Apache OFBiz 18.12.07", seventh > and probably final release from the release18.12 branch. > > The release files can be downloaded from here: > https://dist.apache.org/repos/dist/dev/ofbiz/ > and are: > * apache-ofbiz-18.12.07.zip > * KEYS: text file with keys > * apache-ofbiz-18.12.07.zip.asc: the detached signature file > * apache-ofbiz-18.12.07.zip.sha512: checksum file > > Please download and test the zip file and its signatures (for > instructions on testing the signatures see > http://www.apache.org/info/verification.html). > > Vote: > [ +1] release as Apache OFBiz 18.12.07 > [ -1] do not release > > This vote is open for at least 5 days. > > For more details about this process please refer to > http://www.apache.org/foundation/voting.html >