[email protected]

Thanks & Regards
--
Deepak Dixit
ofbiz.apache.org

On Mon, May 4, 2020 at 3:23 PM Deepak Dixit <[email protected]> wrote:

> Hi Joseph Francois,
>
> Please check the security.properties file and add your host
> in the host-headers-allowed property.
> Please refer to [1] for more detail.
>
>
> [1] https://issues.apache.org/jira/browse/OFBIZ-11583
>
>
> Thanks & Regards
> --
> Deepak Dixit
> ofbiz.apache.org
>
>
> On Mon, May 4, 2020 at 3:19 PM Joseph Francois <[email protected]>
> wrote:
>
>> Hello Jacques,
>>
>> I installed 17.12.03 from scratch and I still get "
>>
>> : Domain x.x.x.x not accepted to prevent host header injection"
>>
>> What am I doing wrong?
>>
>> I have version 16 working.
>>
>> Regards,
>> Joseph
>> On 2020/04/30 12:11:13, Jacques Le Roux <[email protected]>
>> wrote:
>> > Severity:
>> > Important
>> >
>> > Vendor:
>> > The Apache Software Foundation
>> >
>> > Versions Affected:
>> > OFBiz 17.12.01
>> >
>> > Description:
>> > Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts
>> >
>> > Mitigation:
>> > Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583
>> > ----
>> >
>> > Credit:
>> > Pradeep Jairamani <[email protected]>
>> >
>> > References:
>> > https://ofbiz.apache.org/security.html
>> >
>> >
>> >
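The allowlist behaviour discussed in this thread, as an added example that is not part of the original messages and is not OFBiz code: a Python sketch of a Host header allowlist check showing why a request addressed to a bare IP is rejected until that IP is listed. The comma-separated value format, the port stripping, the helper names and all host values are assumptions made for the illustration.

```python
from typing import Optional, Set

# Constructed sample of a security.properties entry. The comma-separated
# value format and the host names are assumptions made for this example.
SAMPLE_PROPERTIES = """\
# hosts accepted in the HTTP Host header
host-headers-allowed = localhost, 127.0.0.1, shop.example.org
"""

def load_allowed_hosts(text: str, key: str = "host-headers-allowed") -> Set[str]:
    """Read the allowlist from properties-style text (hypothetical helper)."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip() == key:
            return {h.strip().lower() for h in value.split(",") if h.strip()}
    return set()  # key missing: nothing is trusted

def host_without_port(header: str) -> Optional[str]:
    """Lower-cased host part of a Host header value, or None if malformed."""
    value = header.strip().lower()
    if not value or any(c in value for c in " \t/@\\,"):
        return None
    if value.startswith("["):  # bracketed IPv6 literal such as [::1]:8443
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[: end + 1], value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
    if rest and not (rest[0] == ":" and rest[1:].isascii() and rest[1:].isdigit()):
        return None
    return host or None

def is_host_allowed(header: str, allowed: Set[str]) -> bool:
    """Exact match only: no suffix, prefix or wildcard matching."""
    host = host_without_port(header)
    return host is not None and host in allowed

if __name__ == "__main__":
    allowed = load_allowed_hosts(SAMPLE_PROPERTIES)
    # 192.0.2.10 is a constructed documentation address standing in for x.x.x.x
    for hdr in ("shop.example.org:8443", "192.0.2.10:8443",
                "shop.example.org.attacker.example"):
        print(hdr, "->", "accepted" if is_host_allowed(hdr, allowed) else "rejected")
```
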
