[jira] [Closed] (OFBIZ-10303) Add a Global Glossary for Documentation Guides
[ https://issues.apache.org/jira/browse/OFBIZ-10303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olivier Heintz closed OFBIZ-10303. -- Assignee: Olivier Heintz Resolution: Fixed > Add a Global Glossary for Documentation Guides > -- > > Key: OFBIZ-10303 > URL: https://issues.apache.org/jira/browse/OFBIZ-10303 > Project: OFBiz > Issue Type: Task >Reporter: Olivier Heintz >Assignee: Olivier Heintz >Priority: Minor > Labels: Documentation > Attachments: > OFBIZ-10303_Documented-Add-a-Global-Glossary-for-user-documentat.patch, > humanres.adoc.patch, ofbiz-glossary.adoc, ofbiz-glossary.adoc, > ofbiz-glossary.adoc, user-manual.adoc.patch > > > Create a ofbiz-glossary.adoc in _include directory at the top level (near > user-manual.adoc and developer-manual.adoc) > This file will be used for all terms which are global to ofbiz (not link to a > component). > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-10303) Add a Global Glossary for Documentation Guides
[ https://issues.apache.org/jira/browse/OFBIZ-10303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17232066#comment-17232066 ] ASF subversion and git services commented on OFBIZ-10303: - Commit c21892609ba593193055bc2350e1e44b602d687b in ofbiz-framework's branch refs/heads/trunk from Olivier Heintz [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=c218926 ] Documented: Add a Global Glossary for user-documentation (OFBIZ-10303) > Add a Global Glossary for Documentation Guides > -- > > Key: OFBIZ-10303 > URL: https://issues.apache.org/jira/browse/OFBIZ-10303 > Project: OFBiz > Issue Type: Task >Reporter: Olivier Heintz >Priority: Minor > Labels: Documentation > Attachments: > OFBIZ-10303_Documented-Add-a-Global-Glossary-for-user-documentat.patch, > humanres.adoc.patch, ofbiz-glossary.adoc, ofbiz-glossary.adoc, > ofbiz-glossary.adoc, user-manual.adoc.patch > > > Create a ofbiz-glossary.adoc in _include directory at the top level (near > user-manual.adoc and developer-manual.adoc) > This file will be used for all terms which are global to ofbiz (not link to a > component). > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Closed] (OFBIZ-11364) OFBizDocumentationSystem migration to Asciidoc and Review
[ https://issues.apache.org/jira/browse/OFBIZ-11364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olivier Heintz closed OFBIZ-11364. -- Resolution: Fixed > OFBizDocumentationSystem migration to Asciidoc and Review > - > > Key: OFBIZ-11364 > URL: https://issues.apache.org/jira/browse/OFBIZ-11364 > Project: OFBiz > Issue Type: Sub-task > Components: commonext >Affects Versions: Trunk >Reporter: Olivier Heintz >Assignee: Olivier Heintz >Priority: Minor > Labels: Documentation > Attachments: OFBizDocumentationSystem.adoc, > OFBizDocumentationSystem_FR.adoc > > > # Migrate Docbook format to Asciidoc format > # complete review of content > Review should be done when "application user Help" will be rebuild -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11364) OFBizDocumentationSystem migration to Asciidoc and Review
[ https://issues.apache.org/jira/browse/OFBIZ-11364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17232057#comment-17232057 ] ASF subversion and git services commented on OFBIZ-11364: - Commit ac6964e8eba64c8a84a5954e2e2fead0e434fbb0 in ofbiz-framework's branch refs/heads/trunk from Olivier Heintz [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ac6964e ] Documented: OFBizDocumentationSystem migration to Asciidoc and Review (OFBIZ-11364) Rewrite the document, add a part in documentation guidline. Add a include for OFBizDocumentationSystem document in user manual and developer-manual. > OFBizDocumentationSystem migration to Asciidoc and Review > - > > Key: OFBIZ-11364 > URL: https://issues.apache.org/jira/browse/OFBIZ-11364 > Project: OFBiz > Issue Type: Sub-task > Components: commonext >Affects Versions: Trunk >Reporter: Olivier Heintz >Assignee: Olivier Heintz >Priority: Minor > Labels: Documentation > Attachments: OFBizDocumentationSystem.adoc, > OFBizDocumentationSystem_FR.adoc > > > # Migrate Docbook format to Asciidoc format > # complete review of content > Review should be done when "application user Help" will be rebuild -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Closed] (OFBIZ-12055) Prevent possible post-auth RCE from webtools/control/ProgramExport
[ https://issues.apache.org/jira/browse/OFBIZ-12055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux closed OFBIZ-12055. --- Fix Version/s: (was: Upcoming Branch) 17.12.05 18.12.01 Resolution: Fixed > Prevent possible post-auth RCE from webtools/control/ProgramExport > -- > > Key: OFBIZ-12055 > URL: https://issues.apache.org/jira/browse/OFBIZ-12055 > Project: OFBiz > Issue Type: Sub-task > Components: framework/webtools >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Minor > Fix For: 18.12.01, 17.12.05 > > > This was reported to the security team by Shuibo Ye . We > did not create a CVE because it's a post-auth "vulnerability" -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Reopened] (OFBIZ-12055) Prevent possible post-auth RCE from webtools/control/ProgramExport
[ https://issues.apache.org/jira/browse/OFBIZ-12055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux reopened OFBIZ-12055: - > Prevent possible post-auth RCE from webtools/control/ProgramExport > -- > > Key: OFBIZ-12055 > URL: https://issues.apache.org/jira/browse/OFBIZ-12055 > Project: OFBiz > Issue Type: Sub-task > Components: framework/webtools >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Minor > Fix For: Upcoming Branch > > > This was reported to the security team by Shuibo Ye . We > did not create a CVE because it's a post-auth "vulnerability" -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-12055) Prevent possible post-auth RCE from webtools/control/ProgramExport
[ https://issues.apache.org/jira/browse/OFBIZ-12055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17231987#comment-17231987 ] ASF subversion and git services commented on OFBIZ-12055: - Commit 6bf785654a1fa4ad6611736195d9a113844a850b in ofbiz-framework's branch refs/heads/release17.12 from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=6bf7856 ] Improved: Prevent possible post-auth RCE from webtools/control/ProgramExport (OFBIZ-12055) This was reported to the security team by Shuibo Ye . We did not create a CVE because it's a post-auth "vulnerability" Thanks: Shuibo Ye > Prevent possible post-auth RCE from webtools/control/ProgramExport > -- > > Key: OFBIZ-12055 > URL: https://issues.apache.org/jira/browse/OFBIZ-12055 > Project: OFBiz > Issue Type: Sub-task > Components: framework/webtools >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Minor > Fix For: Upcoming Branch > > > This was reported to the security team by Shuibo Ye . We > did not create a CVE because it's a post-auth "vulnerability" -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-12055) Prevent possible post-auth RCE from webtools/control/ProgramExport
[ https://issues.apache.org/jira/browse/OFBIZ-12055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17231988#comment-17231988 ] ASF subversion and git services commented on OFBIZ-12055: - Commit 0b26b9155f02d54c97428bfab5b68b268356a2c0 in ofbiz-framework's branch refs/heads/release18.12 from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=0b26b91 ] Improved: Prevent possible post-auth RCE from webtools/control/ProgramExport (OFBIZ-12055) This was reported to the security team by Shuibo Ye . We did not create a CVE because it's a post-auth "vulnerability" Thanks: Shuibo Ye > Prevent possible post-auth RCE from webtools/control/ProgramExport > -- > > Key: OFBIZ-12055 > URL: https://issues.apache.org/jira/browse/OFBIZ-12055 > Project: OFBiz > Issue Type: Sub-task > Components: framework/webtools >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Minor > Fix For: Upcoming Branch > > > This was reported to the security team by Shuibo Ye . We > did not create a CVE because it's a post-auth "vulnerability" -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Closed] (OFBIZ-12056) Prevent Zip Slip vulnerability
[ https://issues.apache.org/jira/browse/OFBIZ-12056?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux closed OFBIZ-12056. --- Fix Version/s: 18.12.01 Resolution: Fixed R17 is not concerned, more recent code > Prevent Zip Slip vulnerability > -- > > Key: OFBIZ-12056 > URL: https://issues.apache.org/jira/browse/OFBIZ-12056 > Project: OFBiz > Issue Type: Sub-task > Components: framework/base >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Major > Fix For: 18.12.01 > > > While working with FileUtil::unzipFileToFolder I noticed that it's vulnerable > to Zip slip vulnerability: https://snyk.io/research/zip-slip-vulnerability. > Fortunately OOTB code does not use FileUtil::unzipFileToFolder so I did not > create a CVE, nor reported to > https://github.com/snyk/zip-slip-vulnerability#user-content-projects-affected-and-fixed. > If you think we should please shime in... -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-12056) Prevent Zip Slip vulnerability
[ https://issues.apache.org/jira/browse/OFBIZ-12056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17231984#comment-17231984 ] ASF subversion and git services commented on OFBIZ-12056: - Commit e136cb1d9885fc6e0910637542308a9b7c10eb9f in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e136cb1 ] Fixed: Prevent Zip Slip vulnerability (OFBIZ-12056) While working with FileUtil::unzipFileToFolder I noticed that it's vulnerable to Zip slip vulnerability: https://snyk.io/research/zip-slip-vulnerability. Fortunately OOTB code does not use FileUtil::unzipFileToFolder so I did not create a CVE, nor reported to https://github.com/snyk/zip-slip-vulnerability#user-content-projects-affected-and-fixed. If you think we should please shime in... > Prevent Zip Slip vulnerability > -- > > Key: OFBIZ-12056 > URL: https://issues.apache.org/jira/browse/OFBIZ-12056 > Project: OFBiz > Issue Type: Sub-task > Components: framework/base >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Major > > While working with FileUtil::unzipFileToFolder I noticed that it's vulnerable > to Zip slip vulnerability: https://snyk.io/research/zip-slip-vulnerability. > Fortunately OOTB code does not use FileUtil::unzipFileToFolder so I did not > create a CVE, nor reported to > https://github.com/snyk/zip-slip-vulnerability#user-content-projects-affected-and-fixed. > If you think we should please shime in... -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-12056) Prevent Zip Slip vulnerability
[ https://issues.apache.org/jira/browse/OFBIZ-12056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17231983#comment-17231983 ] ASF subversion and git services commented on OFBIZ-12056: - Commit 01c0ff5469346fcce0c2d613026ca234c546f564 in ofbiz-framework's branch refs/heads/release18.12 from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=01c0ff5 ] Fixed: Prevent Zip Slip vulnerability (OFBIZ-12056) While working with FileUtil::unzipFileToFolder I noticed that it's vulnerable to Zip slip vulnerability: https://snyk.io/research/zip-slip-vulnerability. Fortunately OOTB code does not use FileUtil::unzipFileToFolder so I did not create a CVE, nor reported to https://github.com/snyk/zip-slip-vulnerability#user-content-projects-affected-and-fixed. If you think we should please shime in... > Prevent Zip Slip vulnerability > -- > > Key: OFBIZ-12056 > URL: https://issues.apache.org/jira/browse/OFBIZ-12056 > Project: OFBiz > Issue Type: Sub-task > Components: framework/base >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Major > > While working with FileUtil::unzipFileToFolder I noticed that it's vulnerable > to Zip slip vulnerability: https://snyk.io/research/zip-slip-vulnerability. > Fortunately OOTB code does not use FileUtil::unzipFileToFolder so I did not > create a CVE, nor reported to > https://github.com/snyk/zip-slip-vulnerability#user-content-projects-affected-and-fixed. > If you think we should please shime in... -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (OFBIZ-12056) Prevent Zip Slip vulnerability
[ https://issues.apache.org/jira/browse/OFBIZ-12056?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux reassigned OFBIZ-12056: --- Assignee: Jacques Le Roux > Prevent Zip Slip vulnerability > -- > > Key: OFBIZ-12056 > URL: https://issues.apache.org/jira/browse/OFBIZ-12056 > Project: OFBiz > Issue Type: Sub-task > Components: framework/base >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Major > > While working with FileUtil::unzipFileToFolder I noticed that it's vulnerable > to Zip slip vulnerability: https://snyk.io/research/zip-slip-vulnerability. > Fortunately OOTB code does not use FileUtil::unzipFileToFolder so I did not > create a CVE, nor reported to > https://github.com/snyk/zip-slip-vulnerability#user-content-projects-affected-and-fixed. > If you think we should please shime in... -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (OFBIZ-12056) Prevent Zip Slip vulnerability
Jacques Le Roux created OFBIZ-12056: --- Summary: Prevent Zip Slip vulnerability Key: OFBIZ-12056 URL: https://issues.apache.org/jira/browse/OFBIZ-12056 Project: OFBiz Issue Type: Sub-task Components: framework/base Affects Versions: Trunk Reporter: Jacques Le Roux While working with FileUtil::unzipFileToFolder I noticed that it's vulnerable to Zip slip vulnerability: https://snyk.io/research/zip-slip-vulnerability. Fortunately OOTB code does not use FileUtil::unzipFileToFolder so I did not create a CVE, nor reported to https://github.com/snyk/zip-slip-vulnerability#user-content-projects-affected-and-fixed. If you think we should please shime in... -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-12055) Prevent possible post-auth RCE from webtools/control/ProgramExport
[ https://issues.apache.org/jira/browse/OFBIZ-12055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux updated OFBIZ-12055: Parent: OFBIZ-1525 Issue Type: Sub-task (was: Improvement) > Prevent possible post-auth RCE from webtools/control/ProgramExport > -- > > Key: OFBIZ-12055 > URL: https://issues.apache.org/jira/browse/OFBIZ-12055 > Project: OFBiz > Issue Type: Sub-task > Components: framework/webtools >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Minor > Fix For: Upcoming Branch > > > This was reported to the security team by Shuibo Ye . We > did not create a CVE because it's a post-auth "vulnerability" -- This message was sent by Atlassian Jira (v8.3.4#803005)