The goal is to replace the contrast Java agent by the notsoserial Java agent which can be used to protect OFBiz instances from possible Java serialize vulnerabilities.
For that we need to modifie the *-secure targets (start-secure, start-batch-secure, start-pos-secure, start-both-secure) to use the notsoserial Java agent with its most secure setting.
See https://cwiki.apache.org/confluence/display/OFBIZ/The+infamous+Java+serialize+vulnerability for more information
The notsoserial Java agent is placed in the tools/security/notsoserial folder and a dependency-check folder created under the tools/security folder to move there the dependency-check files from the tools/security folder.
The trunk demo will be using the notsoserial Java agent ASAP. The older ones will keep the contrast Java agent which should be enough as soon as we will comment out the RMI stuff in OFBiz.
Users need to care anyway...