Hi,
I thought I warned all our users to take care about "The 2015 infamous Java unserialize vulnerability" as I called it when I created
https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure 2 months ago.
But it only reached the dev ML so this mail to warn you about this
vulnerability we have still in OFBiz.
We have it because of the Groovy version we use
https://issues.apache.org/jira/browse/OFBIZ-6568. And you are also vulnerable
if you use RMI or/and JMX
You can protect your OFBiz instance/s by following the "Be safe!" warning in
the wiki page above. We use that in the demos for 2 months.
Be safe!
Jacques
