Export - CSV (All fields)
Export - CSV (Current fields)
OFBIZ-13162
[SECURITY] (CVE-2024-48962) Enhance Parameter Encoding in MacroMenuRenderer
[SECURITY] (CVE-2024-47208) Update method to check if the string starts with component:// instead of merely containing it
[CVE-2024-45507] Add validation to screen/script URI to block URL patterns
[CVE-2024-45195] Add permission check for view-maps and change defaults for request-maps
[CVE-2024-38856] Add permission check for ProgramExport and EntitySQLProcessor
CVE-2024-34750 Apache Tomcat - Denial of Service
[SECURITY] (CVE-2024-36104) Path traversal leading to RCE
[SECURITY] (CVE-2024-32113) Path traversal leading to RCE
[SECURITY] Several CVEs in Apache Tomcat
[SECURITY] In Solr fixe NPE in FieldLengthFeature with non-stored/missing fields.
[SECURITY] (CVE-2024-25065) Normalize contextPath in hasBasePermission
[SECURITY] (CVE-2024-23946) Don't need to show files names in UI messages
[SECURITY: CVE-2023-50968] Use screen engine for the request getJSONuilabels
[SECURITY: CVE-2023-51467] Replaced direct null checks on username, password, and token with UtilValidate.isEmpty() method calls for consistency.
[SECURITY] Upgrade Apache Shiro to 1.13.0 to fix CVE-2023-46750
[SECURITY] Several CVEs in Apache Tomcat
Execution of queries without authentication
Improve use of RandomStringUtils where it's potentially used in an insecure way
[CVE-2023-34478] Apache Shiro, before 1.12.0, is susceptible to a path traversal attack
[SECURITY] CVE-2023-34981 Apache Tomcat
Disable the Birt component in all branches (including trunk) because of CVE-2022-25371
[SECURITY] Remove deprecated Apache XML-RPC related code (CVE-2023-49070)
Disallow string concatenation in uploaded files
[CVE-2022-47501] Arbitrary file reading vulnerability in Solr
[SECURITY] CVE-2023-28708 Apache Tomcat - Information Disclosure
CVE-2023-24998 Apache Commons FileUpload and Tomcat - DoS with excessive parts
CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection
Update Apache Shiro to 1.10.1
Update Tomcat to 9.0.68 due to a low security issue
Upgrade Tomcat from 9.0.60 to 9.0.65
[SECURITY] Upgrade Tika to 1.28.4
Update Solr and Lucene from 8.11.1 to 8.11.2 for security reason
Java Deserialization vulnerability in Apache OfBiz (CVE-2022-29063)
Regular expression denial of service in jquery-validation
[SECURITY] Upgrade Tika to 1.28.3
In UtilHttp, for regex processing of urls, replace Java regexp with RE2J
Prevent Freemarker interpolation in fields
Prevent possible DOS attack done using Java deserialisation
Stored XSS in webappPath parameter from content/control/EditWebSite
Prevent post-Auth vulnerability: FreeMarker Bypass
CLONE - [SECURITY] Upgrade Tika to 1.28.1
[SECURITY] Upgrade Tika to 2.3.0 or more
Possible authenticated attack related to Tomcat CVE-2020-1938
[SECURITY] CVE-2022-23437: Infinite loop within Apache XercesJ xml parser
Upgrade Tomcat from 9.0.54 to 9.0.58
[SECURITY] CVE-2021-44832: Apache Log4j2
[SECURITY] Update TIka because of Apache Log4j2 vulnerability
[SECURITY] CVE-2021-45105: Apache Log4j2
Update Solr and Lucene to address several CVEs (including Log4j)
[SECURITY] CVE-2021-44228: Apache Log4j2