Hi Nithin, Your message has been moderated, else it would not have reached this Mailing List.
Please subscribe to the user ML for such questions and then use your email client. See why here http://ofbiz.apache.org/mailing-lists.html. You will get a better support, people can answer you on the ML. The wider the audience the better the answers you might get. Also it's more work for moderators who have to accept your messages as long as you have not subscribed. I'll personally no longer accept them (other moderators still could). Thanks This said, we have fixed this CVE with https://issues.apache.org/jira/browse/OFBIZ-11407 and later with https://issues.apache.org/jira/browse/OFBIZ-12558 If you want to disable the ajp 8009 protocol have a look for "8009" in framework/catalina/ofbiz-component.xml HTH Jacques Le 03/10/2023 à 11:33, Nithin P a écrit :
Hi, I'm using Apache Ofbiz v18.12.06 While I'm trying to upload an image for vulnerability scanning it shows CVE-2020-1938. I have tried to update to the latest version having the same issue, Does Anyone know where the tomcat conf files are stored in the Apache OFBiz application or how to disable ajp 8009 protocol in Apache OFBiz thanks in advance. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. You cannot use or forward any attachments in the email. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Finally, the opinions disclosed by the sender do not have to reflect those of the company, therefore the company refuses to take any liability for the damage caused by the content of this email. Yobitel Communications Limited, #11, Kingsley Mews, Ley Street, Ilford, London - IG1 4BT, United Kingdom.www.yobitel.com
