Re: Single line statements - checkstyle

2020-07-13 Thread Pritam Kute
Looks good to me. Kind Regards, -- Pritam Kute On Mon, Jul 13, 2020 at 9:04 PM Suraj Khurana wrote: > Hello team, > > I have created a ticket https://issues.apache.org/jira/browse/OFBIZ-11886 > to allow single line statements during checkstyle, I hope we are fine with > this. > > For this, we

Re: checkNewPassword and ignoreCurrentPassword

2020-07-13 Thread Jacques Le Roux
Hi James, Inline... On 13/07/2020 at 08:36, James Yong wrote: Hi Jacques, There are a number of reports relating to CSRF. To reduce the number of false positive security alerts, I think the CSRF defense should be turned on in the demo. The OFBiz specific CSRF defense exists only in trunk

Single line statements - checkstyle

2020-07-13 Thread Suraj Khurana
Hello team, I have created a ticket https://issues.apache.org/jira/browse/OFBIZ-11886 to allow single line statements during checkstyle, I hope we are fine with this. For this, we need to add a module to allow single line statements: == == Let me know your

Re: [VOTE] [RESULT] Apache OFBiz 17.12.04 - Second Attempt

2020-07-13 Thread Jacques Le Roux
Great news, thanks Jacopo, I had a doubt we had enough binding votes, which is a pity I must say! Jacques On 13/07/2020 at 10:44, Jacopo Cappellato wrote: The vote is successful with 4 positive votes (of which 3 binding). The new release is going to be published and announced in a few days

Re: checkNewPassword and ignoreCurrentPassword

2020-07-13 Thread Jacques Le Roux
On 12/07/2020 at 13:07, Jacques Le Roux wrote: Hi team, We recently got a security report about checkNewPassword where it was claimed a CSRF vulnerability because of ignoreCurrentPassword but I rejected it. I have though added a comment in trunk to allow users to add OFBiz specific CSRF

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.04 - Second Attempt

2020-07-13 Thread Jacopo Cappellato
:-) Thank you! Jacopo On Mon, Jul 13, 2020 at 11:10 AM Nicolas Malin wrote: > I come back after the war (the result), however +1 > > Nicolas > > On 05/07/2020 10:23, Jacopo Cappellato wrote: > > This is the vote thread (second attempt) to publish a new bug fix release > > from the

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.04 - Second Attempt

2020-07-13 Thread Nicolas Malin
I come back after the war (the result), however +1 Nicolas On 05/07/2020 10:23, Jacopo Cappellato wrote: > This is the vote thread (second attempt) to publish a new bug fix release > from the "release17.12" branch. This new release, "Apache OFBiz 17.12.04", > will supersede all the previous

[VOTE] [RESULT] Apache OFBiz 17.12.04 - Second Attempt

2020-07-13 Thread Jacopo Cappellato
The vote is successful with 4 positive votes (of which 3 binding). The new release is going to be published and announced in a few days from now. Jacopo > This is the vote thread (second attempt) to publish a new bug fix release > from the "release17.12" branch. This new release, "Apache OFBiz

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.04 - Second Attempt

2020-07-13 Thread Jacopo Cappellato
+1 Jacopo On Sun, Jul 5, 2020 at 10:23 AM Jacopo Cappellato < jacopo.cappell...@gmail.com> wrote: > This is the vote thread (second attempt) to publish a new bug fix release > from the "release17.12" branch. This new release, "Apache OFBiz 17.12.04", > will supersede all the previous releases

Re: checkNewPassword and ignoreCurrentPassword

2020-07-13 Thread Jacques Le Roux
Hi Girish, On 13/07/2020 at 05:48, Girish Vasmatkar wrote: Hi Jacques I think the vulnerability does not exist if the CSRF defence is in place. Yes I already answered the same to the reporter and he agreed. If there is no defence in place, there is a possibility of using system account

Re: checkNewPassword and ignoreCurrentPassword

2020-07-13 Thread James Yong
Hi Jacques, There are a number of reports relating to CSRF. To reduce the number of false positive security alerts, I think the CSRF defense should be turned on in the demo. I feel there should be additional verification like checking current password when the user is doing password change.