Re: [VOTE] Apache OFBiz 18.12.08

2023-05-26 Thread Jacques Le Roux

+1, all works as expected

Jacques

On 26/05/2023 at 11:33, Jacopo Cappellato wrote:

This is the vote thread to publish "Apache OFBiz 18.12.08", eighth
release from the release18.12 branch.

The release files can be downloaded from here:
https://dist.apache.org/repos/dist/dev/ofbiz/
and are:
* apache-ofbiz-18.12.08.zip
* KEYS: text file with keys
* apache-ofbiz-18.12.08.zip.asc: the detached signature file
* apache-ofbiz-18.12.08.zip.sha512: checksum file

Please download and test the zip file and its signatures (for
instructions on testing the signatures see
http://www.apache.org/info/verification.html).

Vote:
[ +1] release as Apache OFBiz 18.12.08
[ -1] do not release

This vote is open for at least 5 days.

For more details about this process please refer to
http://www.apache.org/foundation/voting.html


[VOTE] Apache OFBiz 18.12.08

2023-05-26 Thread Jacopo Cappellato
This is the vote thread to publish "Apache OFBiz 18.12.08", eighth
release from the release18.12 branch.

The release files can be downloaded from here:
https://dist.apache.org/repos/dist/dev/ofbiz/
and are:
* apache-ofbiz-18.12.08.zip
* KEYS: text file with keys
* apache-ofbiz-18.12.08.zip.asc: the detached signature file
* apache-ofbiz-18.12.08.zip.sha512: checksum file

Please download and test the zip file and its signatures (for
instructions on testing the signatures see
http://www.apache.org/info/verification.html).

Vote:
[ +1] release as Apache OFBiz 18.12.08
[ -1] do not release

This vote is open for at least 5 days.

For more details about this process please refer to
http://www.apache.org/foundation/voting.html
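
The checksum half of the verification requested in the vote message, as an added example that is not part of the original thread or of the OFBiz release tooling. It assumes the `.sha512` file may be a bare digest, `sha512sum` output or `gpg --print-md` output (the thread does not say which), and it runs on a constructed stand-in archive.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

def parse_sha512_file(text: str, artifact_name: str) -> str:
    """Return the digest from a bare, sha512sum or gpg --print-md style file; fail closed."""
    # Drop the file name first; its hex-looking characters must not reach the digest.
    body = text.replace(artifact_name, " ")
    body = re.sub(r"[\s:*]", "", body).lower()
    if not re.fullmatch(r"[0-9a-f]{128}", body):
        raise ValueError("expected exactly one SHA-512 digest")
    return body

def sha512_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash in chunks so a large archive is never held in memory at once."""
    digest = hashlib.sha512()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_release(artifact: Path, checksum_file: Path) -> bool:
    expected = parse_sha512_file(checksum_file.read_text(), artifact.name)
    return hmac.compare_digest(expected, sha512_of(artifact))

def demo() -> dict:
    """Constructed sample: a stand-in archive checked against four layouts."""
    work = Path(tempfile.mkdtemp())
    zip_path = work / "apache-ofbiz-18.12.08.zip"
    zip_path.write_bytes(b"constructed stand-in for the release archive")
    hexd = sha512_of(zip_path)
    spaced = " ".join(hexd[i:i + 8].upper() for i in range(0, 128, 8))
    layouts = {
        "bare": hexd,
        "sha512sum": f"{hexd}  {zip_path.name}\n",
        "gpg": f"{zip_path.name}: {spaced[:71]}\n {spaced[72:]}\n",
        "tampered": "0" * 128,
    }
    results = {}
    for name, content in layouts.items():
        sums = work / f"{name}.sha512"
        sums.write_text(content)
        results[name] = verify_release(zip_path, sums)
    return results

if __name__ == "__main__":
    print(demo())
```

A matching digest only shows that the download is intact; authenticity comes from checking the detached signature against the KEYS file, for example `gpg --import KEYS` followed by `gpg --verify apache-ofbiz-18.12.08.zip.asc apache-ofbiz-18.12.08.zip`.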


Re: [ofbiz-site] branch master updated: Fixed: fixes a documentation link

2023-05-26 Thread Jacques Le Roux

Sorry, forgot to mention that there are also no functional changes: tabs changed to spaces and trailing spaces removed.

On 26/05/2023 at 10:49, jler...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git


The following commit(s) were added to refs/heads/master by this push:
  new ac554c3  Fixed: fixes a documentation link
ac554c3 is described below

commit ac554c35de0a322a50717cb67525f3f023815a1c
Author: Jacques Le Roux 
AuthorDate: Fri May 26 10:49:56 2023 +0200

 Fixed: fixes a documentation link
 
 The "we highly suggest to OFBiz users to not use credentials demo in production" link
---
  security.html  | 46 +-
  template/page/security.tpl.php | 18 -
  2 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/security.html b/security.html
index d2abe77..eb9778a 100644
--- a/security.html
+++ b/security.html
@@ -82,7 +82,7 @@
  
  Community

-Getting Involved
+Getting Involved
  Mailing Lists
  Source 
Repository
  Downloads
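
Review bot: the -/+ pair on "Getting Involved" in this hunk carries no visible text change, and the commit message only mentions fixing a documentation link. Whitespace cleanup like this should go in its own commit, or at least be named in the commit message, so that the one real change to the security page can be reviewed and later bisected without reading through 32 lines of re-indentation.
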
@@ -91,18 +91,18 @@

  
  Demos
- 
-   twitter
- 
- linkedin
- facebook
- Youtube
- 
+  
+twitter
+  
+  linkedin
+  facebook
+  Youtube
+  

  

@@ -130,23 +130,23 @@
  Security Vulnerabilities
  
  Please see the  https://www.apache.org/security; 
target="external">ASF Security Team webpage for further information about reporting a security 
vulnerability as well as their contact information. 
-
+
  We strongly encourage OfBiz users to report security 
problems affecting OFBiz to the private security mailing lists (either 
secur...@ofbiz.apache.org or secur...@apache.org),
   before disclosing them in a public forum. Please don't pack several 
vulnerabilities in the same report, send them one by one, thanks in 
advance.
-
-Note that we no longer create CVEs for post-auth attacks done 
using demo credentials, notably using the admin user.
+
+Note that we no longer create CVEs for post-auth attacks done 
using demo credentials, notably using the admin user.
   https://s.apache.org/dsj2p;> Rather create bugs reports in our issue tracker (Jira) for 
that. Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in 
advance.
-
-One of the reason we no longer create CVEs for post-auth 
attacks done using demo credentials is because
-https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security; 
target="external"> we highly suggest to OFBiz users to not use credentials demo in 
production
+
+One of the reason we no longer create CVEs for post-auth 
attacks done using demo credentials is because
+https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security; 
target="external"> we highly suggest to OFBiz users to not use credentials demo in 
production
   and we expect OFBiz users to do so.
-https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure; 
target="external"> We also warn our users on the "Keeping OFBiz secure wiki page".
+https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure; 
target="external"> We also warn our users on the "Keeping OFBiz secure wiki page".
  And finally, mostly we reject post-auth vulnerabilities because we have 
a solid CSRF defense.
-
+
  List of Known Vulnerabilities
  
  
- CVE-2022-47501; affected releases before 18.12.07; fixed in 18.12.07 with commit https://github.com/apache/ofbiz-plugins/commit/582add7d3; target="external">582add7d3

+ CVE-2022-47501; affected releases before 18.12.07; fixed in 18.12.07 with commit https://github.com/apache/ofbiz-plugins/commit/582add7d3; target="external">582add7d3
   CVE-2022-25813; 
affected releases before 18.12.06; fixed in 18.12.06 with commits https://github.com/apache/ofbiz-framework/commit/843b1c7e71; target="external">843b1c7e71, https://github.com/apache/ofbiz-framework/commit/3797e60375; target="external">3797e60375, https://github.com/apache/ofbiz-framework/commit/b24dcff344; 
[...]
   CVE-2022-29063; affected releases before 18.12.06; fixed in 18.12.06 with commit https://github.com/apache/ofbiz-plugins/commit/061252a80; target="external">061252a80
   CVE-2022-29158; affected releases before 18.12.06; fixed in 18.12.06 with commit
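
Review bot: the replacement href on the "we highly suggest to OFBiz users to not use credentials demo in production" link still points into the trunk nightly build (https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security), the same tree as the link this commit has to repair. Since this paragraph is the project's stated reason for not creating CVEs for post-auth reports made with demo credentials, a stable, versioned copy of the README security section would be a safer target. While these lines are being rewritten anyway, "One of the reason" could also become "One of the reasons".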