Re: Demos shutdown because possible security issues

Wed, 30 Sep 2020 00:25:59 -0700 

Hi Rishi,

I already answered to this question to Olivier on Slack:

   Jacques Le Roux<https://app.slack.com/team/U7KCFUGTH>10:06 
<https://the-asf.slack.com/archives/CD3TJJJ5B/p1601021208005600>
   Hi@Olivier_H <https://the-asf.slack.com/team/UF6JPSURF>We generally don't 
discuss security issues openly. We do that in the private security ML.
   But since we had to stop the demos I'll explain you that in your own channel
As you are a PMC member you can get more information if you subscribe to the security ML: [email protected]  (Olivier could not,  he is only a committer). 
I can then explain you more there and if you want we can collaborate on this 
effort that I have started. Beware: it's a complicated stuff :)

Thanks

Jacques

Le 30/09/2020 à 00:25, Rishi Solanki a écrit :

Hello Jacques/All,
What exactly the issues are to not starting the demos. What demo data are
problematic, is it reported somewhere.

I would like to see if we can resolve and restart the demo instances again.
Any detail around the problem if anyone have then please share.

Best Regards,
--
Rishi Solanki
*CTO, Mindpath Technology*
Intelligent Solutions
cell: +91-98932-87847
LinkedIn <https://www.linkedin.com/in/rishi-solanki-62271b7/>


On Thu, Sep 24, 2020 at 1:17 PM Jacques Le Roux <
[email protected]> wrote:


Ha yes indeed, thanks!

Le 24/09/2020 à 09:04, itsupport a écrit :

Because you wrote:


On 2020/08/11 10:50:43, Jacques Le Roux wrote:

Hi,>

Due to possible security issues the demos have been shutdown.>

These possible security issues are due to the demos data.>

If it was code i would be seriously concerned .

Sent from my Samsung Galaxy smartphone.


-------- Original message --------
From: Jacques Le Roux <[email protected]>
Date: 24/09/20 16:47 (GMT+12:00)
To: [email protected], Shane Hollis <[email protected]>
Subject: Re: Demos shutdown because possible security issues

Hi Shane,

Your message has been moderated, else it would not have reached this

Mailing List.

Please subscribe to the user ML for such questions and then use your

email client.

See why here http://ofbiz.apache.org/mailing-lists.html.

You will get a better support, people can answer you on the ML.
The wider the audience the better the answers you might get.

Also it's more work for moderators who have to accept your messages as

long as you have not subscribed.

I'll personally no longer accept them (other moderators still could).

Thanks

This said, how do you know that it's only (demo) data (which is right)

and not code :) ?

Jacques

Le 24/09/2020 à 06:03, Shane Hollis a écrit :

Hi,

We went to view the demos and saw the security message. It might be
worth making it really clear the security issue is the data not the

code

- as it is not a good look to have a project shut for security reasons

-

especially one that handles finances. Just saying :)

Shane



On 2020/08/11 10:50:43, Jacques Le Roux wrote:

Hi,>

Due to possible security issues the demos have been shutdown.>

These possible security issues are due to the demos data.>

So custom projects should not have to worry.>

We will discuss in dev ML how to restart the demos.>

Thanks for your patience>

Jacques>




----All Outsourced Information Technology Limiteds work, sales and

correspondence is covered under our terms of service and privacy policies
found

at https://outsourcedit.co.nz/tandc . Our online invoicing system is

found at https://invoice.outsourcedit.co.nz and invoices, receipts and
quotes

can be accessed there. All goods and services sold are covered under the

Sale of Goods Act and the Consumer Guarantees Act of NZ and will be liable

for GST where applicable.



Jacques Le Roux
400E Chemin de la Mouline
34560 Poussan
04 67 51 19 38
06 11 79 50 28



----
All Outsourced Information Technology Limiteds work, sales and

correspondence is covered under our terms of service and privacy policies
found at

https://outsourcedit.co.nz/tandc .
Our online invoicing system is found at

https://invoice.outsourcedit.co.nz and invoices, receipts and quotes can
be accessed there.

All goods and services sold are covered under the Sale of Goods Act and

the Consumer Guarantees Act of NZ and will be liable for GST where
applicable.
Jacques Le Roux
400E Chemin de la Mouline
34560 Poussan
04 67 51 19 38
06 11 79 50 28

Reply via email to