You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Jacques Le Roux <ja...@les7arts.com> on 2016/02/23 11:42:55 UTC
CVE-2014-0107 not reported?
Hi,
When I checked Apache OFBiz https://ofbiz.apache.org/ Dependency Check did not return CVE-2014-0107
Since I fixed the issue at https://issues.apache.org/jira/browse/OFBIZ-6905 if you want to check this by yourself you not only need to checkout OFBiz
trunk
svn co http://svn.apache.org/repos/asf/ofbiz/trunk
but also revert r1730882
svn merge -c -1730882 https://svn.apache.org/repos/asf/ofbiz/trunk
I just did that and attach the resulting dependency-check-report.html zipped
I have also created a page in our wiki where I explain how to use Dependency Check in our project. I put an up to date suppress file there.
Thanks for this great tool and your help.
Jacques