Hello Jacques, I installed 17.12.03 from scratch and I still get "
: Domain x.x.x.x not accepted to prevent host header injection" What am I doing wrong? I have version 16 working. Regards, Joseph On 2020/04/30 12:11:13, Jacques Le Roux <[email protected]> wrote: > Severity: > Important > > Vendor: > The Apache Software Foundation > > Versions Affected: > OFBiz 17.12.01 > > Description: > Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts > > Mitigation: > Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583 > ---- > > Credit: > Pradeep Jairamani <[email protected]> > > References: > https://ofbiz.apache.org/security.html > >
