Deepak/Jacques, Thank you for your information on this. I have sent a request to subscribe to the security mailing list. Will see and connect over it, I thought if somewhere I can contribute. Will surely connect over the security channels.
Best Regards, -- Rishi Solanki *CTO, Mindpath Technology* Intelligent Solutions cell: +91-98932-87847 LinkedIn <https://www.linkedin.com/in/rishi-solanki-62271b7/> On Wed, Sep 30, 2020 at 12:55 PM Jacques Le Roux < [email protected]> wrote: > Hi Rishi, > > I already answered to this question to Olivier on Slack: > > Jacques Le Roux<https://app.slack.com/team/U7KCFUGTH>10:06 < > https://the-asf.slack.com/archives/CD3TJJJ5B/p1601021208005600> > Hi@Olivier_H <https://the-asf.slack.com/team/UF6JPSURF>We generally > don't discuss security issues openly. We do that in the private security ML. > But since we had to stop the demos I'll explain you that in your own > channel > > As you are a PMC member you can get more information if you subscribe to > the security ML: [email protected] (Olivier could not, he is > only a > committer). > I can then explain you more there and if you want we can collaborate on > this effort that I have started. Beware: it's a complicated stuff :) > > Thanks > > Jacques > > Le 30/09/2020 à 00:25, Rishi Solanki a écrit : > > Hello Jacques/All, > > What exactly the issues are to not starting the demos. What demo data are > > problematic, is it reported somewhere. > > > > I would like to see if we can resolve and restart the demo instances > again. > > Any detail around the problem if anyone have then please share. > > > > Best Regards, > > -- > > Rishi Solanki > > *CTO, Mindpath Technology* > > Intelligent Solutions > > cell: +91-98932-87847 > > LinkedIn <https://www.linkedin.com/in/rishi-solanki-62271b7/> > > > > > > On Thu, Sep 24, 2020 at 1:17 PM Jacques Le Roux < > > [email protected]> wrote: > > > >> Ha yes indeed, thanks! > >> > >> Le 24/09/2020 à 09:04, itsupport a écrit : > >>> Because you wrote: > >>> > >>> > >>> On 2020/08/11 10:50:43, Jacques Le Roux wrote: > >>>>> Hi,> > >>>>> > >>>>> Due to possible security issues the demos have been shutdown.> > >>>>> > >>>>> These possible security issues are due to the demos data.> > >>> If it was code i would be seriously concerned . > >>> > >>> Sent from my Samsung Galaxy smartphone. > >>> > >>> > >>> -------- Original message -------- > >>> From: Jacques Le Roux <[email protected]> > >>> Date: 24/09/20 16:47 (GMT+12:00) > >>> To: [email protected], Shane Hollis <[email protected]> > >>> Subject: Re: Demos shutdown because possible security issues > >>> > >>> Hi Shane, > >>> > >>> Your message has been moderated, else it would not have reached this > >> Mailing List. > >>> Please subscribe to the user ML for such questions and then use your > >> email client. > >>> See why here http://ofbiz.apache.org/mailing-lists.html. > >>> > >>> You will get a better support, people can answer you on the ML. > >>> The wider the audience the better the answers you might get. > >>> > >>> Also it's more work for moderators who have to accept your messages as > >> long as you have not subscribed. > >>> I'll personally no longer accept them (other moderators still could). > >>> > >>> Thanks > >>> > >>> This said, how do you know that it's only (demo) data (which is right) > >> and not code :) ? > >>> Jacques > >>> > >>> Le 24/09/2020 à 06:03, Shane Hollis a écrit : > >>>> Hi, > >>>> > >>>> We went to view the demos and saw the security message. It might be > >>>> worth making it really clear the security issue is the data not the > >> code > >>>> - as it is not a good look to have a project shut for security reasons > >> - > >>>> especially one that handles finances. Just saying :) > >>>> > >>>> Shane > >>>> > >>>> > >>>> > >>>> On 2020/08/11 10:50:43, Jacques Le Roux wrote: > >>>>> Hi,> > >>>>> > >>>>> Due to possible security issues the demos have been shutdown.> > >>>>> > >>>>> These possible security issues are due to the demos data.> > >>>>> > >>>>> So custom projects should not have to worry.> > >>>>> > >>>>> We will discuss in dev ML how to restart the demos.> > >>>>> > >>>>> Thanks for your patience> > >>>>> > >>>>> Jacques> > >>>>> > >>>>> > >>>> > >>>> ----All Outsourced Information Technology Limiteds work, sales and > >> correspondence is covered under our terms of service and privacy > policies > >> found > >>> at https://outsourcedit.co.nz/tandc . Our online invoicing system is > >> found at https://invoice.outsourcedit.co.nz and invoices, receipts and > >> quotes > >>> can be accessed there. All goods and services sold are covered under > the > >> Sale of Goods Act and the Consumer Guarantees Act of NZ and will be > liable > >>> for GST where applicable. > >>>> > >>> Jacques Le Roux > >>> 400E Chemin de la Mouline > >>> 34560 Poussan > >>> 04 67 51 19 38 > >>> 06 11 79 50 28 > >>> > >>> > >>> > >>> ---- > >>> All Outsourced Information Technology Limiteds work, sales and > >> correspondence is covered under our terms of service and privacy > policies > >> found at > >>> https://outsourcedit.co.nz/tandc . > >>> Our online invoicing system is found at > >> https://invoice.outsourcedit.co.nz and invoices, receipts and quotes > can > >> be accessed there. > >>> All goods and services sold are covered under the Sale of Goods Act and > >> the Consumer Guarantees Act of NZ and will be liable for GST where > >> applicable. > >> Jacques Le Roux > >> 400E Chemin de la Mouline > >> 34560 Poussan > >> 04 67 51 19 38 > >> 06 11 79 50 28 > >> > >> >
