All rows below are sub-tasks of the parent issue OFBIZ-1525. The Patch Info, Created, Updated and Development columns were empty for every row and are omitted; the single date present is kept in the Due column.

| Key | Summary | Assignee | Reporter | Priority | Status | Resolution | Due |
|---|---|---|---|---|---|---|---|
| OFBIZ-12316 | The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905) | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-12315 | OFBiz Arbitrary file read vulnerability | Jacques Le Roux | Jacques Le Roux | Major | Closed | Not A Problem | |
| OFBIZ-12307 | CVE-2021-37608 vulnerability bypass | Jacques Le Roux | thiscodecc | Major | Closed | Fixed | |
| OFBIZ-12306 | Found a new XXE (XML External Entity Injection) vulnerability in ArtifactInfo | Jacques Le Roux | thiscodecc | Major | Closed | Fixed | |
| OFBIZ-12304 | Found a new XXE (XML External Entity Injection) vulnerability in EntityImport | Jacques Le Roux | thiscodecc | Major | Closed | Fixed | |
| OFBIZ-12301 | SecuredUpload::isValidTextFile wrong check with uppercase | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-12297 | Wrong uploaded file checked in Image Management [CVE-2021-37608] | Jacques Le Roux | Jacques Le Roux | Blocker | Closed | Fixed | |
| OFBIZ-12256 | Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-12221 | Fixed ObjectInputStream denyList [CVE-2021-30128] | Jacques Le Roux | Jacques Le Roux | Critical | Closed | Implemented | |
| OFBIZ-12216 | Fixed UtilObject class [CVE-2021-29200] | Jacques Le Roux | Jacques Le Roux | Critical | Closed | Implemented | |
| OFBIZ-12212 | Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128] | Jacques Le Roux | Jacques Le Roux | Blocker | Closed | Done | |
| OFBIZ-12205 | Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906 | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-12195 | webtools/control/threadList no longer works on trunk (only) | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-12186 | Dependency verification | Unassigned | Jacques Le Roux | Major | Open | Unresolved | |
| OFBIZ-12167 | Adds a blacklist (to be renamed soon to denylist) in Java serialisation (CVE-2021-26295) | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-12165 | Upgrade Tomcat from 9.0.41 to 9.0.43 | Michael Brohl | Michael Brohl | Minor | Closed | Fixed | |
| OFBIZ-12098 | Make ruleName field in PriceForms.xml#AddPriceRules safe | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-12096 | Post-auth XSS vulnerability at catalog/control/EditProductPromo | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-12080 | Secure the uploads | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-12057 | Prevent arbitrary file write using webtools/control/EntitySQLProcessor. | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-12056 | Prevent Zip Slip vulnerability | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-12055 | Prevent possible post-auth RCE from webtools/control/ProgramExport | Jacques Le Roux | Jacques Le Roux | Minor | Closed | Fixed | |
| OFBIZ-11949 | Local File Inclusion vulnerability | Jacques Le Roux | Jacques Le Roux | Major | Closed | Duplicate | |
| OFBIZ-11948 | Remote Code Execution (File Upload) Vulnerability | Jacques Le Roux | Jacques Le Roux | Major | Closed | Duplicate | |
| OFBIZ-11942 | Check if <<request.getParameter(">> meme needs encoding in some place | Jacques Le Roux | Jacques Le Roux | Major | Closed | Not A Problem | |
| OFBIZ-11871 | Server-Side Template Injection using Static | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-11848 | Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996) | Michael Brohl | Michael Brohl | Major | Closed | Fixed | |
| OFBIZ-11847 | CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996) | Michael Brohl | Michael Brohl | Major | Closed | Incomplete | |
| OFBIZ-11840 | Reflected XSS in content component | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-11836 | IDOR vulnerability in the order processing feature in ecommerce component (CVE-2020-13923) | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-11752 | CLONE - Check embedded Javascript libs vulnerabilities using retire.js | Aditya Sharma | Aditya Sharma | Major | Closed | Fixed | |
| OFBIZ-11716 | Apache OFBiz unsafe deserialization of XMLRPC arguments (CVE-2020-9496) | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-11709 | Prevent FreeMarker Template Injection (SSTI) | Jacques Le Roux | Jacques Le Roux | Critical | Closed | Fixed | |
| OFBIZ-11643 | CLONE - Use only HTTPS in OFBiz | Jacques Le Roux | Jacques Le Roux | Major | Closed | Won't Do | |
| OFBIZ-11583 | Prevent Host Header Injection (CVE-2019-12425) | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-11477 | Improve Web Content Caching | Jacques Le Roux | Jacques Le Roux | Major | Closed | Implemented | |
| OFBIZ-11470 | Ensure that the SameSite attribute is set to 'strict' for all cookies. (CVE-2019-0235) | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-11407 | Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) | Michael Brohl | Michael Brohl | Major | Closed | Implemented | |
| OFBIZ-11349 | The "stream" request-map in ecommerce and commonext controllers requires authentication | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-11348 | Temporarily comment out the "stream" request-map in ecommerce controller for security reason | Jacques Le Roux | Jacques Le Roux | Blocker | Closed | Fixed | |
| OFBIZ-11306 | POC for CSRF Token (CVE-2019-0235) | Jacques Le Roux | James Yong | Minor | Closed | Implemented | |
| OFBIZ-11197 | Arbitrary Code Execution | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-11196 | Path Traversal in webtools/control/FetchLogs and ViewFile | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-11195 | XML Entity Injection in webtools/control/entityImport | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-11006 | Create customer request screen breaks when entering special characters (CVE-2019-10074) | Scott Gray | Scott Gray | Major | Closed | Fixed | |
| OFBIZ-10920 | Update Tomcat to 9.0.18 due to CVE-2019-0232 | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-10873 | Update Tomcat to 9.0.16 due to CVE-2019-0199 | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-10843 | Replace SHA-1 by SHA-512 | Unassigned | Jacques Le Roux | Major | Open | Unresolved | |
| OFBIZ-10837 | Improve ObjectInputStream class (CVE-2019-0189) | Jacques Le Roux | Jacques Le Roux | Major | Closed | Implemented | |
| OFBIZ-10828 | Html escaping missing for portalPageId parameter of Help button | Deepak Dixit | Deepak Dixit | Major | Closed | Fixed | |
| OFBIZ-10770 | Update Apache commons-fileupload to last version (CVE-2019-0189) | Jacques Le Roux | Jacques Le Roux | Minor | Closed | Implemented | |
| OFBIZ-10678 | CLONE - Check embedded Javascript libs vulnerabilities using retire.js | Aditya Sharma | Jacques Le Roux | Blocker | Closed | Fixed | |
| OFBIZ-10435 | improve XML parsing with more restrictive settings | Taher Alkhateeb | Taher Alkhateeb | Major | Closed | Fixed | |
| OFBIZ-10427 | Add a mean to handle CSRF (CVE-2019-0235) | Jacques Le Roux | Jacques Le Roux | Minor | Closed | Duplicate | |
| OFBIZ-10420 | Session fixation issue | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-10415 | Update Solr and Lucene from 7.2.1 to Solr 7.3.1 for security reason (CVE-2018-8010) | Jacques Le Roux | Jacques Le Roux | Minor | Closed | Implemented | |
| OFBIZ-10286 | JSESSIONID root cookie not protected (httponly) | Jacques Le Roux | Jacques Le Roux | Minor | Closed | Cannot Reproduce | |
| OFBIZ-10085 | Prevent the possible return of the Robot attack | Jacques Le Roux | Jacques Le Roux | Minor | Closed | Incomplete | |
| OFBIZ-9973 | [FB] Find Security Bugs | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-9966 | Secure the login.secret_key_string | Jacques Le Roux | Jacques Le Roux | Minor | Closed | Won't Fix | |
| OFBIZ-9865 | Enhance cookies security | Jacques Le Roux | Jacques Le Roux | Minor | Closed | Won't Fix | |
| OFBIZ-9313 | Update Tomcat to 8.0.42 because of CVE-2017-5648 | Jacques Le Roux | Jacques Le Roux | Trivial | Closed | Fixed | |
| OFBIZ-9310 | On setting verbose true, UtilHttp.getParameterMap() method prints username and password in logs | Jacques Le Roux | Aditya Sharma | Major | Closed | Fixed | |
| OFBIZ-9269 | Check embedded Javascript libs vulnerabilities using retire.js | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-9198 | Missing file results in error | Jacques Le Roux | Ingo Wolfmayr | Major | Closed | Fixed | |
| OFBIZ-9124 | Upgrade Tomcat to 8.0.39 | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-7373 | Update Shiro to 1.2.5 (CVE-2016-4437) | Jacques Le Roux | Jacques Le Roux | Major | Closed | Done | |
| OFBIZ-7348 | Upgrade Tomcat to 8.5.3 (or 8.0.36) | Jacques Le Roux | Jacques Le Roux | Trivial | Closed | Fixed | |
| OFBIZ-7136 | Upgrade PDFBox to 1.8.12 (or 2.0.1?) due to vulnerability | Jacques Le Roux | Jacques Le Roux | Major | Closed | Done | |
| OFBIZ-7070 | Pagination Problem in Find Invoices By Due Date | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-7028 | Use SecureRandom instead of Random where appropriate, and randomUUID for externalKey | Jacques Le Roux | Jacques Le Roux | Minor | Closed | Fixed | |
| OFBIZ-7026 | Remove duplicated jars under solr component | Shi Jinghai | Shi Jinghai | Trivial | Closed | Fixed | |
| OFBIZ-6959 | Update XStream lib to prevent XML External Entity (XXE) Processing | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-6942 | Comment out RMI related code because of the Java deserialization issue [CVE-2016-2170] | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-6926 | Replace the contrast Java agent by the notsoserial Java agent | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-6916 | Upgrade Axis2 to 1.7.1 | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-6915 | Upgrade Tomcat to 8.0.33 | Jacques Le Roux | Chatree Srichart | Major | Closed | Fixed | 24/Feb/16 |
| OFBIZ-6913 | Update Tomcat to 7.0.68 | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-6905 | Update Xalan libs to version 2.7.2 because of CVE-2014-0107 | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-6886 | Hide sessionId in logs by default, show them using a properties | Jacques Le Roux | Jacques Le Roux | Minor | Closed | Implemented | |
| OFBIZ-6879 | Remove forceHttpSession feature | Jacques Le Roux | Jacques Le Roux | Major | Closed | Done | |
| OFBIZ-6872 | Remove all sessionsIds put in URLs | Jacques Le Roux | Jacques Le Roux | Major | Closed | Done | |
| OFBIZ-6871 | Get rid of the session-cookie-accepted feature | Jacques Le Roux | Jacques Le Roux | Minor | Closed | Done | |
| OFBIZ-6867 | Remove forceManualJsessionid feature | Jacques Le Roux | Jacques Le Roux | Major | Closed | Done | |
| OFBIZ-6849 | Use only HTTPS in OFBiz | Jacques Le Roux | Jacques Le Roux | Major | Closed | Implemented | |
| OFBIZ-6769 | The renderContentAsText method should configure text sanitizer by "sanitizer.permissive.policy" in owasp.properties | Jacques Le Roux | Supachai Chaima-ngua (Tor) | Minor | Closed | Invalid | |
| OFBIZ-6766 | Secure HTTP headers | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-6756 | Remove useless and vulnerable hadoop-hdfs-2.2.0.jar | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-6755 | Update the passport component to use httpclient/core-4.4.1 instead of commons-httpclient-3.1 | Shi Jinghai | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-6754 | Update Spring Framework | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-6752 | Updates Tomcat to 7.0.65 | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-6751 | POI security fix | Jacques Le Roux | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-6726 | Update commons collections to 3.2.2 because of known possible exploit [CVE-2016-2170] | Jacques Le Roux | Jacques Le Roux | Major | Closed | Done | |
| OFBIZ-6655 | Add session tracking mode and make cookie secure | Jacques Le Roux | Deepak Dixit | Major | Closed | Fixed | |
| OFBIZ-6568 | Update Groovy to 2.4.5 version [CVE-2016-2170] | Jacopo Cappellato | Jacques Le Roux | Major | Closed | Fixed | |
| OFBIZ-6506 | XSS vulnerability in OFBiz forms and screens especially in display-entity component | Jacques Le Roux | Lilian Iatco | Major | Closed | Fixed | |
| OFBIZ-5881 | Update embedded Tomcat to 7.0.57 | Jacques Le Roux | Jacques Le Roux | Minor | Closed | Done | |
| OFBIZ-5848 | Poodle-disable sslv3 | Jacques Le Roux | Poodle Fixer | Critical | Closed | Fixed | |
| OFBIZ-5801 | Upgrade Axis2 to 1.6.3 | Jacques Le Roux | Jacques Le Roux | Minor | Closed | Fixed | |
| OFBIZ-5357 | Analysis of code vulnerabilities | Unassigned | Sumit Pandit | Major | Closed | Incomplete | |
| OFBIZ-4958 | Additional Validation for Password : Make password pattern driven | Jacques Le Roux | Sumit Pandit | Major | Closed | Fixed | |
| OFBIZ-4361 | Any ecommerce user has the ability to reset another's password (including admin) via "Forget Your Password" | Jacques Le Roux | mz4wheeler | Major | Closed | Fixed | |
| OFBIZ-3424 | Upgrade Tomcat version to 6.0.24 | Erwan de Ferrieres | Erwan de Ferrieres | Major | Closed | Fixed | |
| OFBIZ-3257 | Security concern in the way to populate parameters map in the context | David E. Jones | Patrick Antivackis | Major | Closed | Fixed | |
| OFBIZ-3006 | entity encrypt columns not using encryption salt value? | Adam Heath | chris snow | Major | Closed | Fixed | |
| OFBIZ-2747 | Security : The remote web server is prone to cross-site scripting attacks. | Scott Gray | Alexandre Mazari | Critical | Closed | Fixed | |
| OFBIZ-2729 | special security should be required for setting passwords | Unassigned | Si Chen | Major | Open | Unresolved | |
| OFBIZ-2449 | Secure targets in widget forms | Jacques Le Roux | Jacques Le Roux | Major | Closed | Not A Problem | |
| OFBIZ-2272 | Secure URLs exceptions | Jacques Le Roux | Jacques Le Roux | Major | Closed | Not A Problem | |
| OFBIZ-2256 | Secure URLs | Jacques Le Roux | Jacques Le Roux | Major | Closed | Won't Fix | |
| OFBIZ-1959 | Remaining XSRF issues | Jacques Le Roux | Michele Orru | Critical | Closed | Fixed | |
| OFBIZ-1690 | Set widget default url encode value to true | Jacques Le Roux | Bilgin Ismet Ibryam | Minor | Closed | Not A Problem | |
| OFBIZ-1193 | html code is not sanitized in all the text input field | David E. Jones | Vikrant Rathore | Major | Closed | Fixed | |
| OFBIZ-1151 | Passwords are not salted | Adam Heath | Wickersheimer Jeremy | Minor | Open | Unresolved | |
| OFBIZ-1106 | Passwords in POS are shown in clear text | Jacques Le Roux | Chris Lombardi | Minor | Closed | Fixed | |
| OFBIZ-260 | Cross Site Scripting Vulnerability (XSS) | David E. Jones | Marco Risaliti | Major | Closed | Fixed | |
| OFBIZ-178 | Cross site scripting vulnerability in Forum | David E. Jones | Eriks Dobelis | Major | Closed | Fixed | |