Thanks Nicolas!
The same applies to Apache OFBiz 13.07.01 and of course, Apache OFBiz 12.04.*
older releases (than 12.04.05)
Again: only mandatory if you use the HTTPS connector (like with Nginx as Front or with a direct access to the embedded Tomcat). Always better to
update anyway
Jacques
Le 16/11/2014 22:38, Nicolas Malin a écrit :
Hi,
With the poodle vulnerability, the branch 12.04 migrated to java 1.7 from the svn revision 1639986. For more information and to understand the
reason you can see https://issues.apache.org/jira/browse/OFBIZ-5848.
You will need to upgrade your jvm from 1.6 to 1.7 on your local environment if
you follow the branch 12.04.
If you use Apache OFBiz 12.04.05, you may be concerned only if you use the https connector of the embed tomcat. In this case, you can follow this
process :
* update your jvm to 1.7
* change your tomcat ssl protocol to TLSv2 in your ofbiz-container.xml like :
<property name="sslProtocol" value="TLSv2"/>
<property name="protocols" value="TLSv2"/>
* apply the patch
https://issues.apache.org/jira/secure/attachment/12681409/OFBIZ-5848-java17-12.04.patch
* compile
* Have fun !
If you detect any error, please let me know.
Nicolas
