Hi Joseph Francois,

Please check the security.properties file and add your host in the host-headers-allowed property. Please refer to [1] for more detail.

[1] https://issues.apache.org/jira/browse/OFBIZ-11583

Thanks & Regards
--
Deepak Dixit
ofbiz.apache.org

On Mon, May 4, 2020 at 3:19 PM Joseph Francois <[email protected]> wrote:

> Hello Jacques,
>
> I installed 17.12.03 from scratch and I still get "
>
> : Domain x.x.x.x not accepted to prevent host header injection"
>
> What am I doing wrong?
>
> I have version 16 working.
>
> Regards,
> Joseph
>
> On 2020/04/30 12:11:13, Jacques Le Roux <[email protected]> wrote:
> > Severity:
> > Important
> >
> > Vendor:
> > The Apache Software Foundation
> >
> > Versions Affected:
> > OFBiz 17.12.01
> >
> > Description:
> > Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts
> >
> > Mitigation:
> > Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583
> > ----
> >
> > Credit:
> > Pradeep Jairamani <[email protected]>
> >
> > References:
> > https://ofbiz.apache.org/security.html
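
The allow-list check behind the error quoted in this thread, as an added example that is not part of the original messages and is not OFBiz source code. It assumes host-headers-allowed holds a comma-separated list that is matched exactly against the Host header with its port removed; the function names and the sample property values are constructed for illustration.

```python
# Added illustration, not OFBiz code. Assumption: host-headers-allowed is a
# comma-separated list compared exactly with the Host header minus its port.

# Constructed sample content for a security.properties-style file.
SAMPLE_PROPERTIES = """\
# constructed sample, not a real deployment
host-headers-allowed=localhost,127.0.0.1,shop.example.com
"""


def allowed_hosts(properties_text, key="host-headers-allowed"):
    """Return the set of host names listed under `key`."""
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or properties comment
            continue
        name, sep, value = line.partition("=")
        if sep and name.strip() == key:
            return {h.strip() for h in value.split(",") if h.strip()}
    return set()


def host_name(host_header):
    """Strip the optional port from a Host header value."""
    value = host_header.strip()
    if value.startswith("["):                # IPv6 literal such as [::1]:8443
        end = value.find("]")
        return value[:end + 1] if end != -1 else value
    return value.rsplit(":", 1)[0] if ":" in value else value


def check(host_header, properties_text):
    """Return (accepted, message) for one Host header value."""
    name = host_name(host_header)
    if name in allowed_hosts(properties_text):
        return True, f"Domain {name} accepted"
    return False, f"Domain {name} not accepted to prevent host header injection"


if __name__ == "__main__":
    # Reaching the server by an IP address that is not listed is rejected,
    # which is the situation described in the quoted question.
    for header in ("localhost:8443", "shop.example.com", "203.0.113.10:8443"):
        print(header, "->", check(header, SAMPLE_PROPERTIES))
```

Every name or address that clients use to reach the instance has to appear in the list; listing only the names you actually serve keeps the protection against arbitrary Host values intact.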
