Thanks Jacques for all this works !
Le 05/02/2016 19:11, Jacques Le Roux a écrit :
Hi,
I thought I warned all our users to take care about "The 2015 infamous
Java unserialize vulnerability" as I called it when I created
https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure
2 months ago.
But it only reached the dev ML so this mail to warn you about this
vulnerability we have still in OFBiz.
We have it because of the Groovy version we use
https://issues.apache.org/jira/browse/OFBIZ-6568. And you are also
vulnerable if you use RMI or/and JMX
You can protect your OFBiz instance/s by following the "Be safe!"
warning in the wiki page above. We use that in the demos for 2 months.
Be safe!
Jacques
