Thanks Deepak,
And please Joseph Francois, your message has been moderated, else it would not
have reached this Mailing List.
Please subscribe to the user ML for such questions and then use your email
client.
See why here http://ofbiz.apache.org/mailing-lists.html.
You will get better support, people can answer you on the ML.
The wider the audience the better the answers you might get.
Also it's more work for moderators who have to accept your messages as long as
you have not subscribed.
I'll personally no longer accept them and this is really the last time (other
moderators still could).
Thanks
Jacques
On 04/05/2020 at 11:53, Deepak Dixit wrote:
Hi Joseph Francois,
Please check the security.properties file and add your host
in the host-headers-allowed property.
Please refer to [1] for more detail.
[1] https://issues.apache.org/jira/browse/OFBIZ-11583
Thanks & Regards
--
Deepak Dixit
ofbiz.apache.org
On Mon, May 4, 2020 at 3:19 PM Joseph Francois <[email protected]>
wrote:
Hello Jacques,
I installed 17.12.03 from scratch and I still get "
: Domain x.x.x.x not accepted to prevent host header injection"
What am I doing wrong?
I have version 16 working.
Regards,
Joseph
On 2020/04/30 12:11:13, Jacques Le Roux <[email protected]>
wrote:
Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz 17.12.01
Description:
Apache OFBiz is vulnerable to Host header injection by accepting
arbitrary hosts
Mitigation:
Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583
----
Credit:
Pradeep Jairamani <[email protected]>
References:
https://ofbiz.apache.org/security.html
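
Added example, not part of the thread and not OFBiz's own code: a Java illustration of an exact-match Host header allowlist, showing why a host that is missing from host-headers-allowed is rejected after the upgrade. The comma-separated value format, the class and method names, and the sample addresses are assumptions made for this illustration.

```java
import java.io.StringReader;
import java.util.Arrays;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;

public class HostHeaderAllowlistDemo {

    // Parse the allowlist value (comma-separated format is an assumption of this example).
    static Set<String> parseAllowed(String value) {
        return Arrays.stream(value.split(","))
                .map(s -> s.trim().toLowerCase(Locale.ROOT))
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toSet());
    }

    // Reduce a Host header to its host part: drop the port, keep IPv6 brackets.
    static String hostOnly(String header) {
        if (header == null) return "";
        String h = header.trim().toLowerCase(Locale.ROOT);
        if (h.startsWith("[")) {                      // IPv6 literal such as [::1]:8443
            int end = h.indexOf(']');
            return end < 0 ? "" : h.substring(0, end + 1);
        }
        int colon = h.indexOf(':');
        return colon < 0 ? h : h.substring(0, colon);
    }

    // Exact match only: no suffix, prefix or wildcard matching.
    static boolean isAllowed(String header, Set<String> allowed) {
        String host = hostOnly(header);
        return !host.isEmpty() && allowed.contains(host);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample standing in for security.properties; addresses are documentation ranges.
        String sample = "host-headers-allowed=localhost,127.0.0.1,203.0.113.10\n";
        Properties props = new Properties();
        props.load(new StringReader(sample));
        Set<String> allowed = parseAllowed(props.getProperty("host-headers-allowed", ""));

        // Constructed Host header values: two listed hosts, one unlisted IP, one look-alike name, one IPv6.
        String[] headers = {"localhost:8443", "203.0.113.10:8443", "198.51.100.7",
                            "localhost.other.example", "[::1]:8443"};
        for (String h : headers) {
            System.out.println(h + " -> " + (isAllowed(h, allowed) ? "accepted" : "rejected"));
        }
    }
}
```

Only the first two headers are accepted; the unlisted IP, the look-alike name and the IPv6 literal are rejected until they are added to the list.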