Hi Vivek, the best way to go is to use a release that is part of a release branch that is still actively maintained:
https://ofbiz.apache.org/download.html Security vulnerabilities on active branches should be reported to the OFBiz security list: secur...@ofbiz.apache.org Thank you, Jacopo On Tue, Dec 19, 2017 at 6:40 AM, vivek.mi <vmvivek...@gmail.com> wrote: > Hello All, > > A few issues were reported while testing my application using IBM AppScan > tool, built upon OFBiz framework for Blackbox testing. Issues are listed as > below: > > 1. Unsafe third-party link (target="_blank") in screens and forms. > > 2. Query Parameter in SSL Request while sending hidden fields in XML and > FTL > forms. > > 3. Body Parameters Accepted in Query > > 4. Archive File Download > > 5. Cacheable SSL Page Found > > Please suggest something how can i go ahead to resolve these issues. I am > using OFBiz version 12.05. > > Thanks in advance, > Vivek Mishra > > > > ----- > Vivek Mishra > -- > Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html >
