Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-12594

Prevent Freemarker interpolation in fields

    XMLWordPrintableJSON

Details

    • Bug Crush Event - 21/2/2015

    Description

      OFBIZ-12587 is a definitive solution to prevent any kind of Freemarker exploits. But it's hard to realise because OFBiz exposes objects, like attributes from the Servlet scopes. So in the meantime preventing Freemarker interpolation in fields is a pragmatic solution.

      Attachments

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. OFBIZ-12595 Test run was unsuccessful because of failing solr tests

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. OFBIZ-12600 Solr requires application/x-www-form-urlencoded

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. OFBIZ-12602 XML Import fails due to security check

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              jleroux Jacques Le Roux
              jleroux Jacques Le Roux
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: