You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Jacques Le Roux <ja...@les7arts.com> on 2021/03/12 08:19:41 UTC
Re: [jira] [Commented] (OFBIZ-12195) webtools/control/threadList no
longer works on trunk (only)
Hi,
After fixing this issue, I believe we should use Freemarker 2.3.31 in all supported branches because of possible (low but who knows...) security
issues fixed since 2.3.30
What do you think?
Jacques
Le 12/03/2021 à 09:01, ASF subversion and git services (Jira) a écrit :
> [ https://issues.apache.org/jira/browse/OFBIZ-12195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17300124#comment-17300124 ]
>
> ASF subversion and git services commented on OFBIZ-12195:
> ---------------------------------------------------------
>
> Commit 9dd2a255e95c10588004e4fdfb794ab23d173103 in ofbiz-framework's branch refs/heads/release17.12 from Jacques Le Roux
> [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=9dd2a25 ]
>
> Fixed: webtools/control/threadList no longer works on trunk (only) (OFBIZ-12195)
>
> It works if we downgrade Freemarker to 2.3.28 as in R18 and even using 2.3.29,
> not 2.3.30.
>
> Handles things at the Groovy level, ie put in context, rather than creating
> in Freemarker template.
>
> It's backported, even if it's not a pb but in trunk, because it's a (low)
> security issue.
>
>
>> webtools/control/threadList no longer works on trunk (only)
>> -----------------------------------------------------------
>>
>> Key: OFBIZ-12195
>> URL: https://issues.apache.org/jira/browse/OFBIZ-12195
>> Project: OFBiz
>> Issue Type: Sub-task
>> Components: framework/webtools
>> Affects Versions: Trunk
>> Reporter: Jacques Le Roux
>> Assignee: Jacques Le Roux
>> Priority: Major
>> Fix For: Upcoming Branch
>>
>>
>> This can be currently tested at https://demo-trunk.ofbiz.apache.org/webtools/control/threadList
>> R18 and R17 are OK
>
>
> --
> This message was sent by Atlassian Jira
> (v8.3.4#803005)
Re: [jira] [Commented] (OFBIZ-12195) webtools/control/threadList no
longer works on trunk (only)
Posted by Jacques Le Roux <ja...@les7arts.com>.
Hi,
I have created https://issues.apache.org/jira/browse/OFBIZ-12196 for that
As I said there, without answers in a week I'll do so...
Jacques
Le 12/03/2021 à 09:19, Jacques Le Roux a écrit :
> Hi,
>
> After fixing this issue, I believe we should use Freemarker 2.3.31 in all supported branches because of possible (low but who knows...) security
> issues fixed since 2.3.30
>
> What do you think?
>
> Jacques
>
> Le 12/03/2021 à 09:01, ASF subversion and git services (Jira) a écrit :
>> [
>> https://issues.apache.org/jira/browse/OFBIZ-12195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17300124#comment-17300124
>> ]
>>
>> ASF subversion and git services commented on OFBIZ-12195:
>> ---------------------------------------------------------
>>
>> Commit 9dd2a255e95c10588004e4fdfb794ab23d173103 in ofbiz-framework's branch refs/heads/release17.12 from Jacques Le Roux
>> [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=9dd2a25 ]
>>
>> Fixed: webtools/control/threadList no longer works on trunk (only) (OFBIZ-12195)
>>
>> It works if we downgrade Freemarker to 2.3.28 as in R18 and even using 2.3.29,
>> not 2.3.30.
>>
>> Handles things at the Groovy level, ie put in context, rather than creating
>> in Freemarker template.
>>
>> It's backported, even if it's not a pb but in trunk, because it's a (low)
>> security issue.
>>
>>
>>> webtools/control/threadList no longer works on trunk (only)
>>> -----------------------------------------------------------
>>>
>>> Key: OFBIZ-12195
>>> URL: https://issues.apache.org/jira/browse/OFBIZ-12195
>>> Project: OFBiz
>>> Issue Type: Sub-task
>>> Components: framework/webtools
>>> Affects Versions: Trunk
>>> Reporter: Jacques Le Roux
>>> Assignee: Jacques Le Roux
>>> Priority: Major
>>> Fix For: Upcoming Branch
>>>
>>>
>>> This can be currently tested at https://demo-trunk.ofbiz.apache.org/webtools/control/threadList
>>> R18 and R17 are OK
>>
>>
>> --
>> This message was sent by Atlassian Jira
>> (v8.3.4#803005)
>