Bulk Operation

OFBIZ-1525 [SECURITY] Several CVEs in Apache Tomcat

OFBIZ-1525 [SECURITY] In Solr fixe NPE in FieldLengthFeature with non-stored/missing fields.

OFBIZ-1525 [SECURITY] (CVE-2024-25065) Normalize contextPath in hasBasePermission

OFBIZ-1525 [SECURITY] (CVE-2024-23946) Don't need to show files names in UI messages

OFBIZ-1525 [SECURITY: CVE-2023-50968] Use screen engine for the request getJSONuilabels

OFBIZ-1525 [SECURITY: CVE-2023-51467] Replaced direct null checks on username, password, and token with UtilValidate.isEmpty() method calls for consistency.

OFBIZ-1525 [SECURITY] Upgrade Apache Shiro to 1.13.0 to fix CVE-2023-46750

OFBIZ-1525 [SECURITY] Several CVEs in Apache Tomcat

OFBIZ-1525 Execution of queries without authentication

OFBIZ-1525 Improve use of RandomStringUtils where it's potentially used in an insecure way

OFBIZ-1525 [CVE-2023-34478] Apache Shiro, before 1.12.0, is susceptible to a path traversal attack

OFBIZ-1525 [SECURITY] CVE-2023-34981 Apache Tomcat

OFBIZ-1525 Disable the Birt component in all branches (including trunk) because of CVE-2022-25371

OFBIZ-1525 [SECURITY] Remove deprecated Apache XML-RPC related code (CVE-2023-49070)

OFBIZ-1525 Disallow string concatenation in uploaded files

OFBIZ-1525 [CVE-2022-47501] Arbitrary file reading vulnerability in Solr

OFBIZ-1525 [SECURITY] CVE-2023-28708 Apache Tomcat - Information Disclosure

OFBIZ-1525 CVE-2023-24998 Apache Commons FileUpload and Tomcat - DoS with excessive parts

OFBIZ-1525 CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection

OFBIZ-1525 Update Apache Shiro to 1.10.1

OFBIZ-1525 Update Tomcat to 9.0.68 due to a low security issue

OFBIZ-1525 Upgrade Tomcat from 9.0.60 to 9.0.65

OFBIZ-1525 [SECURITY] Upgrade Tika to 1.28.4

OFBIZ-1525 Update Solr and Lucene from 8.11.1 to 8.11.2 for security reason

OFBIZ-1525 Java Deserialization vulnerability in Apache OfBiz (CVE-2022-29063)

OFBIZ-1525 Regular expression denial of service in jquery-validation

OFBIZ-1525 [SECURITY] Upgrade Tika to 1.28.3

OFBIZ-1525 In UtilHttp, for regex processing of urls, replace Java regexp with RE2J

OFBIZ-1525 Prevent Freemarker interpolation in fields

OFBIZ-1525 Prevent possible DOS attack done using Java deserialisation

OFBIZ-1525 Stored XSS in webappPath parameter from content/control/EditWebSite

OFBIZ-1525 Prevent post-Auth vulnerability: FreeMarker Bypass

OFBIZ-1525 CLONE - [SECURITY] Upgrade Tika to 1.28.1

OFBIZ-1525 [SECURITY] Upgrade Tika to 2.3.0 or more

OFBIZ-1525 Possible authenticated attack related to Tomcat CVE-2020-1938

OFBIZ-1525 [SECURITY] CVE-2022-23437: Infinite loop within Apache XercesJ xml parser

OFBIZ-1525 Upgrade Tomcat from 9.0.54 to 9.0.58

OFBIZ-1525 [SECURITY] CVE-2021-44832: Apache Log4j2

OFBIZ-1525 [SECURITY] Update TIka because of Apache Log4j2 vulnerability

OFBIZ-1525 [SECURITY] CVE-2021-45105: Apache Log4j2

OFBIZ-1525 Update Solr and Lucene to address several CVEs (including Log4j)

OFBIZ-1525 [SECURITY] CVE-2021-44228: Apache Log4j2

OFBIZ-1525 Update jquery-validation to 1.19.3 for security reason

OFBIZ-1525 [SECURITY] CVE-2021-42340 Apache Tomcat DoS

OFBIZ-1525 post-auth Remote Code Execution Vulnerability

OFBIZ-1525 The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905)

OFBIZ-1525 OFBiz Arbitrary file read vulnerability

OFBIZ-1525 CVE-2021-37608 vulnerability bypass

OFBIZ-1525 Found a new XXE (XML External Entity Injection) vulnerability in ArtifactInfo

OFBIZ-1525 Found a new XXE (XML External Entity Injection) vulnerability in EntityImport

OFBIZ-1525 SecuredUpload::isValidTextFile wrong check with uppercase

OFBIZ-1525 Wrong uploaded file checked in Image Management [CVE-2021-37608]

OFBIZ-1525 Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812

OFBIZ-1525 Fixed ObjectInputStream denyList [CVE-2021-30128]

OFBIZ-1525 Fixed UtilObject class [CVE-2021-29200]

OFBIZ-1525 Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]

OFBIZ-1525 Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906

OFBIZ-1525 webtools/control/threadList no longer works on trunk (only)

OFBIZ-1525 Dependency verification

OFBIZ-1525 Adds a blacklist (to be renamed soon to denylist) in Java serialisation (CVE-2021-26295)

OFBIZ-1525 Upgrade Tomcat from 9.0.41 to 9.0.43

OFBIZ-1525 Make ruleName field in PriceForms.xml#AddPriceRules safe

OFBIZ-1525 Post-auth XSS vulnerability at catalog/control/EditProductPromo

OFBIZ-1525 Secure the uploads

OFBIZ-1525 Prevent arbitary file write using webtools/control/EntitySQLProcessor.

OFBIZ-1525 Prevent Zip Slip vulnerability

OFBIZ-1525 Prevent possible post-auth RCE from webtools/control/ProgramExport

OFBIZ-1525 Local File Inclusion vulnerability

OFBIZ-1525 Remote Code Execution (File Upload) Vulnerability

OFBIZ-1525 Check if <<request.getParameter(">> meme needs encoding in some place

OFBIZ-1525 Server-Side Template Injection using Static

OFBIZ-1525 Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

OFBIZ-1525 CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

OFBIZ-1525 Reflected XSS in content component

OFBIZ-1525 IDOR vulnerability in the order processing feature in ecommerce component (CVE-2020-13923)

OFBIZ-1525 CLONE - Check embedded Javascript libs vulnerabilities using retire.js

OFBIZ-1525 Apache OFBiz unsafe deserialization of XMLRPC arguments (CVE-2020-9496)

OFBIZ-1525 Prevent FreeMarker Template Injection (SSTI)

OFBIZ-1525 CLONE - Use only HTTPS in OFBiz

OFBIZ-1525 Prevent Host Header Injection (CVE-2019-12425)

OFBIZ-1525 Improve Web Content Caching

OFBIZ-1525 Ensure that the SameSite attribute is set to 'strict' for all cookies. (CVE-2019-0235)

OFBIZ-1525 Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)

OFBIZ-1525 The "stream" request-map in ecommerce and commonext controllers requires authentication

OFBIZ-1525 Temporarily comment out the "stream" request-map in ecommerce controller for security reason

OFBIZ-1525 POC for CSRF Token (CVE-2019-0235)

OFBIZ-1525 Arbitrary Code Execution

OFBIZ-1525 Path Traversal in webtools/control/FetchLogs and ViewFile

OFBIZ-1525 XML Entity Injection in webtools/control/entityImport

OFBIZ-1525 Create customer request screen breaks when entering special characters (CVE-2019-10074)

OFBIZ-1525 Update Tomcat to 9.0.18 due to CVE-2019-0232

OFBIZ-1525 Update Tomcat to 9.0.16 due to CVE-2019-0199

OFBIZ-1525 Replace SHA-1 by SHA-512

OFBIZ-1525 Improve ObjectInputStream class (CVE-2019-0189)

OFBIZ-1525 Html escaping missing for portalPageId parameter of Help button

OFBIZ-1525 Update Apache commons-fileupload to last version (CVE-2019-0189)

OFBIZ-1525 CLONE - Check embedded Javascript libs vulnerabilities using retire.js

OFBIZ-1525 improve XML parsing with more restrictive settings

OFBIZ-1525 Add a mean to handle CSRF (CVE-2019-0235)

OFBIZ-1525 Session fixation issue

OFBIZ-1525 Update Solr and Lucene from 7.2.1 to Solr 7.3.1 for security reason (CVE-2018-8010)

OFBIZ-1525 JSESSIONID root cookie not protected (httponly)

OFBIZ-1525 Prevent the possible return of the Robot attack

OFBIZ-1525 [FB] Find Security Bugs

OFBIZ-1525 Secure the login.secret_key_string

OFBIZ-1525 Enhance cookies security

OFBIZ-1525 Update Tomcat to 8.0.42 because of CVE-2017-5648

OFBIZ-1525 On setting verbose true, UtilHttp.getParameterMap() method prints username and password in logs

OFBIZ-1525 Check embedded Javascript libs vulnerabilities using retire.js

OFBIZ-1525 Missing file results in error

OFBIZ-1525 Upgrade Tomcat to 8.0.39

OFBIZ-1525 Update Shiro to 1.2.5 (CVE-2016-4437)

OFBIZ-1525 Upgrade Tomcat to 8.5.3 (or 8.0.36)

OFBIZ-1525 Ugrade PDFBox to 1.8.12 (or 2.0.1?) due to vulnerability

OFBIZ-1525 Pagination Problem in Find Invoices By Due Date

OFBIZ-1525 Use SecureRandom instead of Random where appropriate, and randomUUID for externalKey

OFBIZ-1525 Remove duplicated jars under solr component

OFBIZ-1525 Update XStream lib to prevent XML External Entity (XXE) Processing

OFBIZ-1525 Comment out RMI related code because of the Java deserialization issue [CVE-2016-2170]

OFBIZ-1525 Replace the contrast Java agent by the notsoserial Java agent

OFBIZ-1525 Upgrade Axis2 to 1.7.1

OFBIZ-1525 Upgrade Tomcat to 8.0.33

OFBIZ-1525 Update Tomcat to 7.0.68

OFBIZ-1525 Update Xalan libs to version 2.7.2 because of CVE-2014-0107

OFBIZ-1525 Hide sessionId in logs by default, show them using a properties

OFBIZ-1525 Remove forceHttpSession feature

OFBIZ-1525 Remove all sessionsIds put in URLs

OFBIZ-1525 Get rid of the session-cookie-accepted feature

OFBIZ-1525 Remove forceManualJsessionid feature

OFBIZ-1525 Use only HTTPS in OFBiz

OFBIZ-1525 The renderContentAsText method should configure text sanitizer by "sanitizer.permissive.policy" in owasp.properties

OFBIZ-1525 Secure HTTP headers

OFBIZ-1525 Remove useless and vulnerable hadoop-hdfs-2.2.0.jar

OFBIZ-1525 Update the passport component to use httpclient/core-4.4.1 instead of commons-httpclient-3.1

OFBIZ-1525 Update Spring Framework

OFBIZ-1525 Updates Tomcat to 7.0.65

OFBIZ-1525 POI security fix

OFBIZ-1525 Update commons collections to 3.2.2 because of known possible exploit [CVE-2016-2170]

OFBIZ-1525 Add session tracking mode and make cookie secure

OFBIZ-1525 Update Groovy to 2.4.5 version [CVE-2016-2170]

OFBIZ-1525 XSS vulnerability in OFBiz forms and screens especially in display-entity component

OFBIZ-1525 Update embedded Tomcat to 7.0.57

OFBIZ-1525 Poodle-disable sslv3

OFBIZ-1525 Upgrade Axis2 to 1.6.3

OFBIZ-1525 Analysis of code vulnerabilities

OFBIZ-1525 Additional Validation for Password : Make password pattern driven

OFBIZ-1525 Any ecommerce user has the ability to reset anothers password (including admin) via "Forget Your Password"

OFBIZ-1525 Upgrade Tomcat version to 6.0.24

OFBIZ-1525 Security concern in the way to populate parameters map in the context

OFBIZ-1525 entity encrypt columns not using encryption salt value?

OFBIZ-1525 Security : The remote web server is prone to cross-site scripting attacks.

OFBIZ-1525 special security should be required for setting passwords

OFBIZ-1525 Secure targets in widget forms

OFBIZ-1525 Secure URLs exceptions

OFBIZ-1525 Secure URLs

OFBIZ-1525 Remaining XSRF issues

OFBIZ-1525 Set widget default url encode value to true

OFBIZ-1525 html code is not sanitized in all the text input field

OFBIZ-1525 Passwords are not salted

OFBIZ-1525 Passwords in POS are shown in clear text

OFBIZ-1525 Cross Site Scripting Vulnerability (XSS)

OFBIZ-1525 Cross site scripting vulnerability in Forum