[jira] [Closed] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread Michael Brohl (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-11848.
-
Resolution: Fixed

> Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)
> -
>
> Key: OFBIZ-11848
> URL: https://issues.apache.org/jira/browse/OFBIZ-11848
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: 18.12.01, 17.12.03, Trunk
>Reporter: Michael Brohl
>Assignee: Michael Brohl
>Priority: Major
> Fix For: 18.12.01, Release Branch 17.12, Upcoming Branch
>
>
> CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service
> Severity: Important
> Vendor: The Apache Software Foundation
> Versions Affected:
> Apache Tomcat 10.0.0-M1 to 10.0.0-M5
> Apache Tomcat 9.0.0.M1 to 9.0.35
> Apache Tomcat 8.5.0 to 8.5.55
> Description:
> A specially crafted sequence of HTTP/2 requests could trigger high CPU
> usage for several seconds. If a sufficient number of such requests were
> made on concurrent HTTP/2 connections, the server could become unresponsive.
> Mitigation:
> - Upgrade to Apache Tomcat 10.0.0-M6 or later
> - Upgrade to Apache Tomcat 9.0.36 or later
> - Upgrade to Apache Tomcat 8.5.56 or later
> Credit:
> This issue was reported publicly via the Apache Tomcat Users mailing
> list without reference to the potential for DoS. The DoS risks were
> identified by the Apache Tomcat Security Team.
> References:
> [1] http://tomcat.apache.org/security-10.html
> [2] http://tomcat.apache.org/security-9.html
> [3] http://tomcat.apache.org/security-8.html



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17151037#comment-17151037
 ] 

ASF subversion and git services commented on OFBIZ-11848:
-

Commit b791dca9e7dc63d4ed07d5ca5ea873b173c0645e in ofbiz-framework's branch 
refs/heads/release18.12 from Michael Brohl
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=b791dca ]

Fixed: Added missing AJP connector property introduced for Tomcat 9.0.31
(OFBIZ-11848)



[jira] [Comment Edited] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread Michael Brohl (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17151031#comment-17151031
 ] 

Michael Brohl edited comment on OFBIZ-11848 at 7/3/20, 3:37 PM:


I am proposing the following changes according to the migration guide 
(https://tomcat.apache.org/migration-9.html#Upgrading_9.0.x)

In 9.0.31 onwards, the default listen address of the AJP Connector was changed 
to the loopback address rather than all addresses.

-> No change necessary in OFBiz

In 9.0.31 onwards, the requiredSecret attribute of the AJP Connector was 
deprecated and replaced by the secret attribute.

-> Proposed change: add property with empty value.

In 9.0.31 onwards, the secretRequired attribute was added to the AJP Connector. 
If set to true, the default, the AJP Connector will not start unless a secret 
has been specified.

-> Proposed change: set to false (default is true) to keep the older state.

In 9.0.31 onwards, the allowedRequestAttributesPattern attribute was added to 
the AJP Connector. Requests with unrecognised attributes will now be blocked 
with a 403.

-> Proposed change: add property with wildcard pattern set to ".*"


was (Author: mbrohl):
I am proposing the following changes according to the migration guide 
(https://tomcat.apache.org/migration-9.html#Upgrading_9.0.x)

In 9.0.31 onwards, the default listen address of the AJP Connector was changed 
to the loopback address rather than all addresses.

-> No change necessary in OFBiz, the specified address is 0.0.0.0.

In 9.0.31 onwards, the requiredSecret attribute of the AJP Connector was 
deprecated and replaced by the secret attribute.

-> Proposed change: add property with empty value.

In 9.0.31 onwards, the secretRequired attribute was added to the AJP Connector. 
If set to true, the default, the AJP Connector will not start unless a secret 
has been specified.

-> Proposed change: set to false (default is true) to keep the older state.

In 9.0.31 onwards, the allowedRequestAttributesPattern attribute was added to 
the AJP Connector. Requests with unrecognised attributes will now be blocked 
with a 403.

-> Proposed change: add property with wildcard pattern set to ".*"


--
This message was sent by Atlassian Jira
(v8.3.4#803005)
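
An added example, not part of the thread or of the OFBiz code base: a check over a constructed Tomcat `server.xml` fragment that reports AJP connectors whose settings relax the 9.0.31 defaults listed in the comment above. The function names and finding labels are illustrative; the thread refers to these attributes as properties in OFBiz's own configuration, which is not reproduced here.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in Tomcat server.xml syntax (not OFBiz's own file).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"
               secret="" secretRequired="false"
               allowedRequestAttributesPattern=".*"/>
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1"
               secret="constructed-placeholder" secretRequired="true"/>
    <Connector port="8011" protocol="AJP/1.3"
               requiredSecret="constructed-placeholder"/>
  </Service>
</Server>
"""


def is_loopback(address):
    """True when the connector only listens on the local host."""
    if address is None or address == "localhost":
        return True  # no address attribute: loopback default from 9.0.31 onwards
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # some other host name: treat as reachable from outside


def audit_connector(attrs):
    """Return finding labels (illustrative names) for one AJP connector."""
    findings = []
    if "requiredSecret" in attrs:
        # Deprecated in 9.0.31 and replaced by "secret".
        findings.append("deprecated-requiredSecret")
    secret = attrs.get("secret") or attrs.get("requiredSecret") or ""
    # secretRequired defaults to true when the attribute is absent.
    secret_required = attrs.get("secretRequired", "true").strip().lower() == "true"
    exposed = not is_loopback(attrs.get("address"))

    if exposed:
        findings.append("non-loopback-address")
    if not secret:
        # With secretRequired=true the connector refuses to start;
        # with false it starts and no shared secret is configured.
        findings.append("will-not-start-without-secret" if secret_required
                        else "no-shared-secret")
    if exposed and not secret and not secret_required:
        findings.append("exposed-without-secret")
    if attrs.get("allowedRequestAttributesPattern") == ".*":
        # The wildcard accepts every request attribute instead of answering 403.
        findings.append("wildcard-request-attributes")
    return findings


def audit_ajp_connectors(xml_text):
    """Map each AJP connector's port to its list of findings."""
    root = ET.fromstring(xml_text.strip())
    report = {}
    for conn in root.iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue  # HTTP connectors are out of scope here
        report[conn.get("port", "?")] = audit_connector(conn.attrib)
    return report


if __name__ == "__main__":
    for port, findings in audit_ajp_connectors(SAMPLE_SERVER_XML).items():
        print(port, findings or "ok")
```
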


[jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17151036#comment-17151036
 ] 

ASF subversion and git services commented on OFBIZ-11848:
-

Commit accca2d388300a363c3ff49f1c52c4c9da3731b4 in ofbiz-framework's branch 
refs/heads/release17.12 from Michael Brohl
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=accca2d ]

Fixed: Added missing AJP connector property introduced for Tomcat 9.0.31
(OFBIZ-11848)



[jira] [Commented] (OFBIZ-11862) BigDecimal casting in Groovy

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150838#comment-17150838
 ] 

ASF subversion and git services commented on OFBIZ-11862:
-

Commit efc016e5c933469d863650c7af307ac4810b8142 in ofbiz-framework's branch 
refs/heads/trunk from Pawan Verma
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=efc016e ]

Fixed: BigDecimal casting in Groovy (OFBIZ-11862)

Sometimes use wrong type castings for BigDecimal:

Used BigDecimal.ZERO and BigDecimal.ONE instead.


> BigDecimal casting in Groovy
> 
>
> Key: OFBIZ-11862
> URL: https://issues.apache.org/jira/browse/OFBIZ-11862
> Project: OFBiz
>  Issue Type: Bug
>  Components: bi, order, product
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Pawan Verma
>Priority: Major
> Fix For: 18.12.01
>
>
> [Pritam Kute 
> noticed|https://issues.apache.org/jira/browse/OFBIZ-11843?focusedCommentId=17146911=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17146911]
>  in OFBIZ-11843 that we sometimes use wrong type castings for BigDecimal:
> {quote}
> I have observed that for typecasting in groovy, we have used the wrong coding 
> pattern like
> {code:java}
> (BigDecimal) -0.01
> {code}
> It should be like
> {code:java}
> -0.01 as BigDecimal
> {code}
> {quote}
> Actually in this case we don't need to cast, [because in case of decimal, the 
> default type is always 
> BigDecimal|https://www.logicbig.com/tutorials/misc/groovy/numbers-types-suffix.html].
>  
> But there are Integers in trunk (mostly 0) and 2 cases where it's useless to 
> cast in R18, nothing in R17





[jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17151035#comment-17151035
 ] 

ASF subversion and git services commented on OFBIZ-11848:
-

Commit dfbcf595ca3eab6371ee489dcc746a3350e56956 in ofbiz-framework's branch 
refs/heads/trunk from Michael Brohl
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=dfbcf59 ]

Fixed: Adds missing AJP connector property introduced for Tomcat 9.0.31
(OFBIZ-11848)



[jira] [Reopened] (OFBIZ-11862) BigDecimal casting in Groovy

2020-07-03 Thread Pawan Verma (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pawan Verma reopened OFBIZ-11862:
-
  Assignee: Pawan Verma  (was: Jacques Le Roux)

Reopening to use BigDecimal.ZERO instead of 0 as BigDecimal.



[jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread Michael Brohl (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17151034#comment-17151034
 ] 

Michael Brohl commented on OFBIZ-11848:
---

Only the last entry allowedRequestAttributesPattern needs action because we 
already had updated some of the properties before.



[jira] [Assigned] (OFBIZ-11541) Convert testDepositWithdrawPaymentsInSingleTrans test from XML to Groovy

2020-07-03 Thread Akash Jain (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11541?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Akash Jain reassigned OFBIZ-11541:
--

Assignee: Akash Jain  (was: Anushi Gupta)

> Convert testDepositWithdrawPaymentsInSingleTrans test from XML to Groovy
> 
>
> Key: OFBIZ-11541
> URL: https://issues.apache.org/jira/browse/OFBIZ-11541
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Rohit Hukkeri
>Assignee: Akash Jain
>Priority: Minor
>
> Convert testDepositWithdrawPaymentsInSingleTrans test from XML to Groovy





[jira] [Assigned] (OFBIZ-11542) Convert testSetFinAccountTransStatus test from XML to Groovy

2020-07-03 Thread Akash Jain (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11542?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Akash Jain reassigned OFBIZ-11542:
--

Assignee: Akash Jain  (was: Anushi Gupta)

> Convert testSetFinAccountTransStatus test from XML to Groovy
> 
>
> Key: OFBIZ-11542
> URL: https://issues.apache.org/jira/browse/OFBIZ-11542
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Rohit Hukkeri
>Assignee: Akash Jain
>Priority: Minor
>
> Convert testSetFinAccountTransStatus test from XML to Groovy





[jira] [Commented] (OFBIZ-11837) First Data Payment Gateway Integration

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150983#comment-17150983
 ] 

ASF subversion and git services commented on OFBIZ-11837:
-

Commit c2925a43a46218524ac3004fdc526c4147c46bd5 in ofbiz-plugins's branch 
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=c2925a4 ]

Improved: Adds plugin for integration of 1st Data payment gateway (OFBIZ-11837)

Adds missing ASL2 license headers


> First Data Payment Gateway Integration
> --
>
> Key: OFBIZ-11837
> URL: https://issues.apache.org/jira/browse/OFBIZ-11837
> Project: OFBiz
>  Issue Type: New Feature
>Affects Versions: Trunk
>Reporter: Pritam Kute
>Assignee: Pritam Kute
>Priority: Major
>
> Dev Thread Link: [https://markmail.org/thread/2p5top4idkeiwlih]
> Apache OFBiz has OOTB integrations for most of the widely used payment 
> gateways around the world.
> We are working on integrating First Data Payment Gateway for one of the 
> websites. The First Data payment gateway is quite popular and comes in the 
> list of top payment gateways around the globe. We would like to contribute 
> the basic payment gateway integration of First Data into Apache OFBiz.
> Also as discussed over the DEV list, we will be contributing gateway as a 
> separate plugin.
> We will create the subtasks under this main task to deliver different payment 
> gateway methods.





[jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread Michael Brohl (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17151031#comment-17151031
 ] 

Michael Brohl commented on OFBIZ-11848:
---

I am proposing the following changes according to the migration guide 
(https://tomcat.apache.org/migration-9.html#Upgrading_9.0.x)

In 9.0.31 onwards, the default listen address of the AJP Connector was changed 
to the loopback address rather than all addresses.

-> No change necessary in OFBiz, the specified address is 0.0.0.0.

In 9.0.31 onwards, the requiredSecret attribute of the AJP Connector was 
deprecated and replaced by the secret attribute.

-> Proposed change: add property with empty value.

In 9.0.31 onwards, the secretRequired attribute was added to the AJP Connector. 
If set to true, the default, the AJP Connector will not start unless a secret 
has been specified.

-> Proposed change: set to false (default is true) to keep the older state.

In 9.0.31 onwards, the allowedRequestAttributesPattern attribute was added to 
the AJP Connector. Requests with unrecognised attributes will now be blocked 
with a 403.

-> Proposed change: add property with wildcard pattern set to ".*"



[jira] [Updated] (OFBIZ-11808) Improve screen engine with decrease technology dependence

2020-07-03 Thread Nicolas Malin (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11808?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nicolas Malin updated OFBIZ-11808:
--
Description: 
After different presentation on thinking about how improve the end user 
experience on back office screen, we start a list of issues that cover the 
minimum need.

[chapter 
1|https://lists.apache.org/thread.html/5dcc8cff9b5413070079d22833b6a10abee55bcfbfb0233019ed09b1%40%3Cdev.ofbiz.apache.org%3E]
 
 [chapter 
2|https://lists.apache.org/thread.html/r146f2814691e98e2cfc308ed3ac1db77fb6a356a2b73215517d300aa%40%3Cdev.ofbiz.apache.org%3E]
 [chapter 
3|https://lists.apache.org/thread.html/ra5ed191eecbaf8096ddcdcf98048e70ea8c139fcab75c734ff30b6c0%40%3Cdev.ofbiz.apache.org%3E]

[Presentation slides|https://s.apache.org/EmpowerOFBizScreen]

Each improvement is designed to decrease the xml form definition, based on 
functional concept out any technology (relaying to theme).

  was:
After different presentation on thinking about how improve the end user 
experience on back office screen, we start a list of issues that cover the 
minimum need.

[chapter 
1|https://lists.apache.org/thread.html/5dcc8cff9b5413070079d22833b6a10abee55bcfbfb0233019ed09b1%40%3Cdev.ofbiz.apache.org%3E]
 
 [chapter 
2|https://lists.apache.org/thread.html/r146f2814691e98e2cfc308ed3ac1db77fb6a356a2b73215517d300aa%40%3Cdev.ofbiz.apache.org%3E]
 [chapter 
3|https://lists.apache.org/thread.html/ra5ed191eecbaf8096ddcdcf98048e70ea8c139fcab75c734ff30b6c0%40%3Cdev.ofbiz.apache.org%3E]

[Presentation slides|[https://s.apache.org/EmpowerOFBizScreen]]

Each improvement is designed to decrease the xml form definition, based on 
functional concept out any technology (relaying to theme).


> Improve screen engine with decrease technology dependence
> -
>
> Key: OFBIZ-11808
> URL: https://issues.apache.org/jira/browse/OFBIZ-11808
> Project: OFBiz
>  Issue Type: Improvement
>  Components: framework, framework/widget
>Affects Versions: Trunk
>Reporter: Nicolas Malin
>Assignee: Nicolas Malin
>Priority: Major
>  Labels: screen, widget
>
> After different presentation on thinking about how improve the end user 
> experience on back office screen, we start a list of issues that cover the 
> minimum need.
> [chapter 
> 1|https://lists.apache.org/thread.html/5dcc8cff9b5413070079d22833b6a10abee55bcfbfb0233019ed09b1%40%3Cdev.ofbiz.apache.org%3E]
>  
>  [chapter 
> 2|https://lists.apache.org/thread.html/r146f2814691e98e2cfc308ed3ac1db77fb6a356a2b73215517d300aa%40%3Cdev.ofbiz.apache.org%3E]
>  [chapter 
> 3|https://lists.apache.org/thread.html/ra5ed191eecbaf8096ddcdcf98048e70ea8c139fcab75c734ff30b6c0%40%3Cdev.ofbiz.apache.org%3E]
> [Presentation slides|https://s.apache.org/EmpowerOFBizScreen]
> Each improvement is designed to decrease the xml form definition, based on 
> functional concept out any technology (relaying to theme).





[jira] [Updated] (OFBIZ-11808) Improve screen engine with decrease technology dependence

2020-07-03 Thread Nicolas Malin (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11808?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nicolas Malin updated OFBIZ-11808:
--
Description: 
After different presentation on thinking about how improve the end user 
experience on back office screen, we start a list of issues that cover the 
minimum need.

[chapter 
1|https://lists.apache.org/thread.html/5dcc8cff9b5413070079d22833b6a10abee55bcfbfb0233019ed09b1%40%3Cdev.ofbiz.apache.org%3E]
 
 [chapter 
2|https://lists.apache.org/thread.html/r146f2814691e98e2cfc308ed3ac1db77fb6a356a2b73215517d300aa%40%3Cdev.ofbiz.apache.org%3E]
 [chapter 
3|https://lists.apache.org/thread.html/ra5ed191eecbaf8096ddcdcf98048e70ea8c139fcab75c734ff30b6c0%40%3Cdev.ofbiz.apache.org%3E]

[Presentation slides|[https://s.apache.org/EmpowerOFBizScreen]]

Each improvement is designed to decrease the xml form definition, based on 
functional concept out any technology (relaying to theme).

  was:
After different presentation on thinking about how improve the end user 
experience on back office screen, we start a list of issues that cover the 
minimum need.

[chapter 
1|https://lists.apache.org/thread.html/5dcc8cff9b5413070079d22833b6a10abee55bcfbfb0233019ed09b1%40%3Cdev.ofbiz.apache.org%3E]
 
[chapter 
2|https://lists.apache.org/thread.html/r146f2814691e98e2cfc308ed3ac1db77fb6a356a2b73215517d300aa%40%3Cdev.ofbiz.apache.org%3E]
[chapter 
3|https://lists.apache.org/thread.html/ra5ed191eecbaf8096ddcdcf98048e70ea8c139fcab75c734ff30b6c0%40%3Cdev.ofbiz.apache.org%3E]

Each improvement is designed to decrease the xml form definition, based on 
functional concept out any technology (relaying to theme).


> Improve screen engine with decrease technology dependence
> -
>
> Key: OFBIZ-11808
> URL: https://issues.apache.org/jira/browse/OFBIZ-11808
> Project: OFBiz
>  Issue Type: Improvement
>  Components: framework, framework/widget
>Affects Versions: Trunk
>Reporter: Nicolas Malin
>Assignee: Nicolas Malin
>Priority: Major
>  Labels: screen, widget
>
> After different presentation on thinking about how improve the end user 
> experience on back office screen, we start a list of issues that cover the 
> minimum need.
> [chapter 
> 1|https://lists.apache.org/thread.html/5dcc8cff9b5413070079d22833b6a10abee55bcfbfb0233019ed09b1%40%3Cdev.ofbiz.apache.org%3E]
>  
>  [chapter 
> 2|https://lists.apache.org/thread.html/r146f2814691e98e2cfc308ed3ac1db77fb6a356a2b73215517d300aa%40%3Cdev.ofbiz.apache.org%3E]
>  [chapter 
> 3|https://lists.apache.org/thread.html/ra5ed191eecbaf8096ddcdcf98048e70ea8c139fcab75c734ff30b6c0%40%3Cdev.ofbiz.apache.org%3E]
> [Presentation slides|[https://s.apache.org/EmpowerOFBizScreen]]
> Each improvement is designed to decrease the xml form definition, based on 
> functional concept out any technology (relaying to theme).





[jira] [Updated] (OFBIZ-11836) IDOR vulnerability in the order processing feature in ecommerce component

2020-07-03 Thread Jacques Le Roux (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-11836:

Description: 
Harshit Shukla [harshit.sh...@gmail.com|mailto:harshit.sh...@gmail.com] reported 
this IDOR vulnerability to the OFBiz security team, and we thank him for that.

Here is Harshit's message slightly edited:
{quote}[https://demo-stable.ofbiz.apache.org/ecommerce/control/order.pdf?orderId=WSCO1]

In the above URL, the parameter 'orderId' has the value 'WSCO1' and after 
incrementing the value to 'WSCO10001' or 'WSCO10002' will download the receipt 
of other orders which have been placed by other users.

All the available order receipts can be downloaded by running an automated tool 
(Burp Intruder) on the parameter 'orderId=WSCOX'

I have successfully tested this by using 2 different accounts: DemoCustomer and 
DemoCustomer2 ([~jleroux] edited)

An attacker can download order receipts of other users and this could lead to 
information disclosure.

The only real solution to this issue is to implement access control. The user 
needs to be authorized for the requested information before the server provides 
it.

Reference:[https://blog.detectify.com/2016/05/25/owasp-top-10-insecure-direct-object-reference-4/]
{quote}
Only ecommerce is affected because we have secure permissions in backorder 
components (ERP)

  was:
Harshit Shukla [mailto:harshit.sh...@gmail.com] reported this IDOR vulnerability 
to the OFBiz security team, and we thank him for that.

I'll later quote here his email message when the vulnerability will be fixed. 
It's a post-auth vulnerability so we did not ask for a CVE.

Here is Harshit's message slightly edited:
{quote}
https://demo-stable.ofbiz.apache.org/ecommerce/control/order.pdf?orderId=WSCO1

In the above URL, the parameter 'orderId' has the value 'WSCO1' and after 
incrementing the value to 'WSCO10001' or 'WSCO10002' will download the receipt 
of other orders which have been placed by other users.

All the available order receipts can be downloaded by running an automated tool 
(Burp Intruder) on the parameter 'orderId=WSCOX'

I have successfully tested this by using 2 different accounts: DemoCustomer and 
DemoCustomer2 ([~jleroux] edited)

An attacker can download order receipts of other users and this could lead to 
information disclosure.

The only real solution to this issue is to implement access control. The user 
needs to be authorized for the requested information before the server provides 
it.

Reference:https://blog.detectify.com/2016/05/25/owasp-top-10-insecure-direct-object-reference-4/
{quote}

Only ecommerce is affected because we have secure permissions in backorder 
components (ERP)



> IDOR vulnerability in the order processing feature in ecommerce component
> -
>
> Key: OFBIZ-11836
> URL: https://issues.apache.org/jira/browse/OFBIZ-11836
> Project: OFBiz
> Issue Type: Sub-task
> Components: ecommerce, order
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 18.12.01, 17.12.04
>
>
> Harshit Shukla 
> [harshit.sh...@gmail.com|mailto:harshit.sh...@gmail.com] reported this IDOR 
> vulnerability to the OFBiz security team, and we thank him for that.
> Here is Harshit's message slightly edited:
> {quote}[https://demo-stable.ofbiz.apache.org/ecommerce/control/order.pdf?orderId=WSCO1]
> In the above URL, the parameter 'orderId' has the value 'WSCO1' and after 
> incrementing the value to 'WSCO10001' or 'WSCO10002' will download the 
> receipt of other orders which have been placed by other users.
> All the available order receipts can be downloaded by running an automated 
> tool (Burp Intruder) on the parameter 'orderId=WSCOX'
> I have successfully tested this by using 2 different accounts: DemoCustomer 
> and DemoCustomer2 ([~jleroux] edited)
> An attacker can download order receipts of other users and this could lead to 
> information disclosure.
> The only real solution to this issue is to implement access control. The user 
> needs to be authorized for the requested information before the server 
> provides it.
> Reference: [https://blog.detectify.com/2016/05/25/owasp-top-10-insecure-direct-object-reference-4/]
> {quote}
> Only ecommerce is affected because we have secure permissions in backorder 
> components (ERP)



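The remedy the report above asks for, an authorization check before the receipt is served, shown next to the unchecked shape. This is an added example and not OFBiz code: the `Order` class, the in-memory store, both method names and the owner assigned to each order id are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Optional;

/** Added illustration, not OFBiz code: all class and method names are hypothetical. */
public class ReceiptAccessDemo {

    /** Minimal order record: who placed the order and the receipt payload. */
    static final class Order {
        final String placedByUserLoginId;
        final byte[] receiptPdf;

        Order(String placedByUserLoginId, byte[] receiptPdf) {
            this.placedByUserLoginId = placedByUserLoginId;
            this.receiptPdf = receiptPdf;
        }
    }

    // Constructed sample data standing in for the order store.
    static final Map<String, Order> ORDERS = Map.of(
        "WSCO10001", new Order("DemoCustomer", "receipt-1".getBytes()),
        "WSCO10002", new Order("DemoCustomer2", "receipt-2".getBytes()));

    /** Unchecked shape: the session user is ignored, so any order id is served. */
    static Optional<byte[]> receiptUnchecked(String sessionUser, String orderId) {
        return Optional.ofNullable(ORDERS.get(orderId)).map(o -> o.receiptPdf);
    }

    /**
     * Checked shape: the session user must be the one who placed the order.
     * Unknown ids and other users' ids give the same empty result, so the
     * response does not reveal which order ids exist.
     */
    static Optional<byte[]> receiptChecked(String sessionUser, String orderId) {
        if (sessionUser == null || orderId == null) {
            return Optional.empty();
        }
        return Optional.ofNullable(ORDERS.get(orderId))
                .filter(o -> o.placedByUserLoginId.equals(sessionUser))
                .map(o -> o.receiptPdf);
    }

    public static void main(String[] args) {
        // DemoCustomer requests an order placed by DemoCustomer2.
        System.out.println("unchecked, other user's order: "
                + receiptUnchecked("DemoCustomer", "WSCO10002").isPresent());
        System.out.println("checked, other user's order:   "
                + receiptChecked("DemoCustomer", "WSCO10002").isPresent());
        // DemoCustomer requests their own order.
        System.out.println("checked, own order:            "
                + receiptChecked("DemoCustomer", "WSCO10001").isPresent());
    }
}
```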


[jira] [Created] (OFBIZ-11869) Convert ProductionRunTests.xml to Groovy

2020-07-03 Thread Akash Jain (Jira)
Akash Jain created OFBIZ-11869:
--

 Summary: Convert ProductionRunTests.xml to Groovy
 Key: OFBIZ-11869
 URL: https://issues.apache.org/jira/browse/OFBIZ-11869
 Project: OFBiz
  Issue Type: Sub-task
  Components: manufacturing
Affects Versions: Trunk
Reporter: Akash Jain
Assignee: Akash Jain


Convert ProductionRunTests XML file to Groovy.





[jira] [Closed] (OFBIZ-11862) BigDecimal casting in Groovy

2020-07-03 Thread Pawan Verma (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pawan Verma closed OFBIZ-11862.
---
Resolution: Implemented

> BigDecimal casting in Groovy
> 
>
> Key: OFBIZ-11862
> URL: https://issues.apache.org/jira/browse/OFBIZ-11862
> Project: OFBiz
> Issue Type: Bug
> Components: bi, order, product
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Pawan Verma
> Priority: Major
> Fix For: 18.12.01
>
>
> [Pritam Kute 
> noticed|https://issues.apache.org/jira/browse/OFBIZ-11843?focusedCommentId=17146911=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17146911]
>  in OFBIZ-11843 that we sometimes use wrong type castings for BigDecimal:
> {quote}
> I have observed that for typecasting in groovy, we have used the wrong coding 
> pattern like
> {code:java}
> (BigDecimal) -0.01
> {code}
> It should be like
> {code:java}
> -0.01 as BigDecimal
> {code}
> {quote}
> Actually in this case we don't need to cast, [because in case of decimal, the 
> default type is always 
> BigDecimal|https://www.logicbig.com/tutorials/misc/groovy/numbers-types-suffix.html].
>  
> But there are Integers in trunk (mostly 0) and 2 cases where it's useless to 
> cast in R18, nothing in R17





[jira] [Closed] (OFBIZ-11862) BigDecimal casting in Groovy

2020-07-03 Thread Pawan Verma (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pawan Verma closed OFBIZ-11862.
---
Resolution: Fixed

> BigDecimal casting in Groovy
> 
>
> Key: OFBIZ-11862
> URL: https://issues.apache.org/jira/browse/OFBIZ-11862
> Project: OFBiz
> Issue Type: Bug
> Components: bi, order, product
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Pawan Verma
> Priority: Major
> Fix For: 18.12.01
>
>
> [Pritam Kute 
> noticed|https://issues.apache.org/jira/browse/OFBIZ-11843?focusedCommentId=17146911=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17146911]
>  in OFBIZ-11843 that we sometimes use wrong type castings for BigDecimal:
> {quote}
> I have observed that for typecasting in groovy, we have used the wrong coding 
> pattern like
> {code:java}
> (BigDecimal) -0.01
> {code}
> It should be like
> {code:java}
> -0.01 as BigDecimal
> {code}
> {quote}
> Actually in this case we don't need to cast, [because in case of decimal, the 
> default type is always 
> BigDecimal|https://www.logicbig.com/tutorials/misc/groovy/numbers-types-suffix.html].
>  
> But there are Integers in trunk (mostly 0) and 2 cases where it's useless to 
> cast in R18, nothing in R17





[jira] [Reopened] (OFBIZ-11862) BigDecimal casting in Groovy

2020-07-03 Thread Pawan Verma (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pawan Verma reopened OFBIZ-11862:
-

> BigDecimal casting in Groovy
> 
>
> Key: OFBIZ-11862
> URL: https://issues.apache.org/jira/browse/OFBIZ-11862
> Project: OFBiz
> Issue Type: Bug
> Components: bi, order, product
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Pawan Verma
> Priority: Major
> Fix For: 18.12.01
>
>
> [Pritam Kute 
> noticed|https://issues.apache.org/jira/browse/OFBIZ-11843?focusedCommentId=17146911=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17146911]
>  in OFBIZ-11843 that we sometimes use wrong type castings for BigDecimal:
> {quote}
> I have observed that for typecasting in groovy, we have used the wrong coding 
> pattern like
> {code:java}
> (BigDecimal) -0.01
> {code}
> It should be like
> {code:java}
> -0.01 as BigDecimal
> {code}
> {quote}
> Actually in this case we don't need to cast, [because in case of decimal, the 
> default type is always 
> BigDecimal|https://www.logicbig.com/tutorials/misc/groovy/numbers-types-suffix.html].
>  
> But there are Integers in trunk (mostly 0) and 2 cases where it's useless to 
> cast in R18, nothing in R17





[jira] [Commented] (OFBIZ-11535) Convert AutoPaymentTests.xml to Groovy

2020-07-03 Thread Akash Jain (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150963#comment-17150963
 ] 

Akash Jain commented on OFBIZ-11535:


Attached patch for this improvement.

> Convert AutoPaymentTests.xml to Groovy
> --
>
> Key: OFBIZ-11535
> URL: https://issues.apache.org/jira/browse/OFBIZ-11535
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Rohit Hukkeri
> Assignee: Akash Jain
> Priority: Minor
> Attachments: OFBIZ-11535.patch
>
>
> Convert AutoPaymentTests XML file to Groovy.





[jira] [Commented] (OFBIZ-11456) MacroFormRenderer refactoring

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150793#comment-17150793
 ] 

ASF subversion and git services commented on OFBIZ-11456:
-

Commit 3bc59aeb140da99ee74a9c5a8232889587b0b8ed in ofbiz-framework's branch 
refs/heads/trunk from Daniel Watford
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=3bc59ae ]

Improved: Added new MacroFormRenderer unit tests (OFBIZ-11456) (#213)

Improved: Suppress deprecation warning on test method used to ensure behaviour 
is preserved until the deprecated method is removed. (OFBIZ-11456)

* Improved: Unit Tests for MacroFormRenderer

As part of refactoring MacroFormRenderer, unit tests have been created for
the main render methods to help ensure consistent behaviour is
maintained when MacroFormRenderer is changed.

More in-depth unit testing may be added when the more complex parts of
MacroFormRenderer are modified in the future.

> MacroFormRenderer refactoring
> -
>
> Key: OFBIZ-11456
> URL: https://issues.apache.org/jira/browse/OFBIZ-11456
> Project: OFBiz
> Issue Type: Improvement
> Components: framework/widget
> Affects Versions: Trunk
> Reporter: Daniel Watford
> Assignee: Daniel Watford
> Priority: Minor
>
> Class MacroFormRenderer is 3400 lines long and performs the following:
>  * Renders the various form structure parts and field widgets to FTL macro 
> calls.
>  * Configures the FTL environment.
>  * Executes the FTL macro calls to generate HTML and write it to a 
> caller-provided Appendable.
> Implementing the above means that MacroFormRenderer does not meet the Single 
> Responsibility Principle. The current implementation of multiple 
> responsibilities makes unit testing difficult.
> As discussed on the dev mailing list 
> https://markmail.org/message/adtkk6cb6o7mmy7f it is proposed that 
> MacroFormRenderer is refactored.
> Refactoring should separate the rendering of form structure parts and field 
> widgets to FTL macro calls from the execution of those macros.
> To support the refactoring effort JMockit is being introduced (OFBIZ-4035) to 
> allow test creation against the current implementation of MacroFormRenderer, 
> helping to ensure functionality is preserved once refactoring is complete.





[jira] [Commented] (OFBIZ-11456) MacroFormRenderer refactoring

2020-07-03 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150795#comment-17150795
 ] 

Jacques Le Roux commented on OFBIZ-11456:
-

Thanks Daniel, PR#213 is in. I am leaving this open since there is more work to do here. I 
suggest creating subtasks so that we don't have too many comments here alone.

> MacroFormRenderer refactoring
> -
>
> Key: OFBIZ-11456
> URL: https://issues.apache.org/jira/browse/OFBIZ-11456
> Project: OFBiz
> Issue Type: Improvement
> Components: framework/widget
> Affects Versions: Trunk
> Reporter: Daniel Watford
> Assignee: Daniel Watford
> Priority: Minor
>
> Class MacroFormRenderer is 3400 lines long and performs the following:
>  * Renders the various form structure parts and field widgets to FTL macro 
> calls.
>  * Configures the FTL environment.
>  * Executes the FTL macro calls to generate HTML and write it to a 
> caller-provided Appendable.
> Implementing the above means that MacroFormRenderer does not meet the Single 
> Responsibility Principle. The current implementation of multiple 
> responsibilities makes unit testing difficult.
> As discussed on the dev mailing list 
> https://markmail.org/message/adtkk6cb6o7mmy7f it is proposed that 
> MacroFormRenderer is refactored.
> Refactoring should separate the rendering of form structure parts and field 
> widgets to FTL macro calls from the execution of those macros.
> To support the refactoring effort JMockit is being introduced (OFBIZ-4035) to 
> allow test creation against the current implementation of MacroFormRenderer, 
> helping to ensure functionality is preserved once refactoring is complete.





[jira] [Commented] (OFBIZ-11456) MacroFormRenderer refactoring

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150794#comment-17150794
 ] 

ASF subversion and git services commented on OFBIZ-11456:
-

Commit 3bc59aeb140da99ee74a9c5a8232889587b0b8ed in ofbiz-framework's branch 
refs/heads/trunk from Daniel Watford
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=3bc59ae ]

Improved: Added new MacroFormRenderer unit tests (OFBIZ-11456) (#213)

Improved: Suppress deprecation warning on test method used to ensure behaviour 
is preserved until the deprecated method is removed. (OFBIZ-11456)

* Improved: Unit Tests for MacroFormRenderer

As part of refactoring MacroFormRenderer, unit tests have been created for
the main render methods to help ensure consistent behaviour is
maintained when MacroFormRenderer is changed.

More in-depth unit testing may be added when the more complex parts of
MacroFormRenderer are modified in the future.

> MacroFormRenderer refactoring
> -
>
> Key: OFBIZ-11456
> URL: https://issues.apache.org/jira/browse/OFBIZ-11456
> Project: OFBiz
> Issue Type: Improvement
> Components: framework/widget
> Affects Versions: Trunk
> Reporter: Daniel Watford
> Assignee: Daniel Watford
> Priority: Minor
>
> Class MacroFormRenderer is 3400 lines long and performs the following:
>  * Renders the various form structure parts and field widgets to FTL macro 
> calls.
>  * Configures the FTL environment.
>  * Executes the FTL macro calls to generate HTML and write it to a 
> caller-provided Appendable.
> Implementing the above means that MacroFormRenderer does not meet the Single 
> Responsibility Principle. The current implementation of multiple 
> responsibilities makes unit testing difficult.
> As discussed on the dev mailing list 
> https://markmail.org/message/adtkk6cb6o7mmy7f it is proposed that 
> MacroFormRenderer is refactored.
> Refactoring should separate the rendering of form structure parts and field 
> widgets to FTL macro calls from the execution of those macros.
> To support the refactoring effort JMockit is being introduced (OFBIZ-4035) to 
> allow test creation against the current implementation of MacroFormRenderer, 
> helping to ensure functionality is preserved once refactoring is complete.





[jira] [Updated] (OFBIZ-11535) Convert AutoPaymentTests.xml to Groovy

2020-07-03 Thread Akash Jain (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Akash Jain updated OFBIZ-11535:
---
Attachment: OFBIZ-11535.patch

> Convert AutoPaymentTests.xml to Groovy
> --
>
> Key: OFBIZ-11535
> URL: https://issues.apache.org/jira/browse/OFBIZ-11535
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Rohit Hukkeri
> Assignee: Akash Jain
> Priority: Minor
> Attachments: OFBIZ-11535.patch
>
>
> Convert AutoPaymentTests XML file to Groovy.





[jira] [Assigned] (OFBIZ-11868) Convert EmailServices.xml mini lang to groovy

2020-07-03 Thread Harutyun Farajyan (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11868?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Harutyun Farajyan reassigned OFBIZ-11868:
-

Assignee: Harutyun Farajyan

> Convert EmailServices.xml mini lang to groovy
> -
>
> Key: OFBIZ-11868
> URL: https://issues.apache.org/jira/browse/OFBIZ-11868
> Project: OFBiz
> Issue Type: Sub-task
> Reporter: Harutyun Farajyan
> Assignee: Harutyun Farajyan
> Priority: Minor
>






[jira] [Created] (OFBIZ-11868) Convert EmailServices.xml mini lang to groovy

2020-07-03 Thread Harutyun Farajyan (Jira)
Harutyun Farajyan created OFBIZ-11868:
-

 Summary: Convert EmailServices.xml mini lang to groovy
 Key: OFBIZ-11868
 URL: https://issues.apache.org/jira/browse/OFBIZ-11868
 Project: OFBiz
  Issue Type: Sub-task
Reporter: Harutyun Farajyan








[GitHub] [ofbiz-framework] JacquesLeRoux merged pull request #213: Improved: Added new MacroFormRenderer unit tests (OFBIZ-11456)

2020-07-03 Thread GitBox


JacquesLeRoux merged pull request #213:
URL: https://github.com/apache/ofbiz-framework/pull/213


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org