Hi Jacques,

"but eventually decided to release OFBiz 18.12.06 with the Birt component disabled".... what does it mean?

Does it mean that we cannot use BIRT in OFBiz 18.12.06 onwards for reports? If yes, then which other reporting API is added in OFBiz 18.12.06? Does it mean .... those java files which we all are using for BIRT for reporting will no longer work? Will we all have to design and develop all the reports new and re-code its corresponding java classes with the help of new APIs?

Pls clarify properly. Statements are not complete and clear enough to understand clearly and that is why we have to ask repeatedly.

regards
Avijit

On Sat, Sep 3, 2022 at 6:57 PM Jacques Le Roux <[email protected]> wrote:

> Hi
>
> I'm sorry, I forgot to mention here the same as for (CVE-2022-25370)
> for the mitigation.
>
> Obviously there is no patch to apply since we waited [too] long for
> https://github.com/eclipse/birt/issues/625
> to resolve but eventually decided to release OFBiz 18.12.06 with
> the Birt component disabled.
>
> My apologies
>
> Jacques
>
> On 02/09/2022 at 08:34, Jacques Le Roux wrote:
> > Severity:
> > High
> >
> > Vendor:
> > The Apache Software Foundation
> >
> > Versions Affected:
> > OFBiz versions prior to 18.12.06
> >
> > Description:
> > The Birt viewer version 4.5.0 has a security issue that allows this exploit.
> > We waited long for https://github.com/eclipse/birt/issues/625
> > to resolve but eventually decided to release OFBiz 18.12.06 without
> > the Birt component
> >
> > Mitigation:
> > Upgrade to at least 18.12.06
> > or apply patches at https://issues.apache.org/jira/browse/OFBIZ-...
> >
> > Credit:
> > [email protected]
> >
> > References:
> > http://ofbiz.apache.org/download.html#vulnerabilities
