You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by Jacques Le Roux <ja...@les7arts.com> on 2016/02/23 11:42:55 UTC

CVE-2014-0107 not reported?

Hi,

When I checked Apache OFBiz https://ofbiz.apache.org/ Dependency Check did not return CVE-2014-0107

Since I fixed the issue at https://issues.apache.org/jira/browse/OFBIZ-6905 if you want to check this by yourself you not only need to checkout OFBiz 
trunk
svn co http://svn.apache.org/repos/asf/ofbiz/trunk
but also revert r1730882
svn merge -c -1730882 https://svn.apache.org/repos/asf/ofbiz/trunk

I just did that and attach the resulting dependency-check-report.html zipped

I have also created a page in our wiki where I explain how to use Dependency Check in our project. I put an up to date suppress file there.

Thanks for this great tool and your help.

Jacques