Posted to commits@ofbiz.apache.org by jl...@apache.org on 2023/05/25 14:28:13 UTC

[ofbiz-plugins] 02/02: Fixed: Disable the Birt component in all branches (including trunk) because of CVE-2022-25371 (OFBIZ-12824)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git

commit 43cd385e360d15f0b9d3ee2d1978500ae9d7abf8
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Thu May 25 14:45:59 2023 +0200

    Fixed: Disable the Birt component in all branches (including trunk) because of CVE-2022-25371 (OFBIZ-12824)
    
    See https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq
    
    No patches were provided because only 18.12.06 was concerned so far
---
 birt/ofbiz-component.xml         | 8 ++++++--
 birt/src/docs/asciidoc/birt.adoc | 7 +++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/birt/ofbiz-component.xml b/birt/ofbiz-component.xml
index 5e58dec61..7780467b0 100644
--- a/birt/ofbiz-component.xml
+++ b/birt/ofbiz-component.xml
@@ -18,7 +18,11 @@ specific language governing permissions and limitations
 under the License.
 -->
 
-<ofbiz-component name="birt" enabled="true"
+<!--
+   Warning: before you enable this component please read:
+https://cwiki.apache.org/confluence/display/OFBIZ/Using+BIRT+with+OFBiz
+-->
+<ofbiz-component name="birt" enabled="false"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="https://ofbiz.apache.org/dtds/ofbiz-component.xsd">
     <resource-loader name="main" type="component"/>
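Review bot: The warning comment added above `<ofbiz-component name="birt" enabled="false"` gives only a wiki URL and never states why the component is disabled. Anyone editing this file later sees no mention of CVE-2022-25371 unless that page still resolves. I would put the reason in the comment itself, for example `<!-- Disabled by default because of CVE-2022-25371 (OFBIZ-12824). Before enabling this component, read https://cwiki.apache.org/confluence/display/OFBIZ/Using+BIRT+with+OFBiz -->`. The comment's two text lines are also indented differently (three spaces, then column 0), which is worth aligning. The `ofbiz-component` element continues past the end of this hunk, so the effect of the flag on the webapp overrides further down the file cannot be confirmed from here.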
@@ -40,7 +44,7 @@ under the License.
     <entity-resource type="model" reader-name="main" loader="main" location="entitydef/ServiceReportsView.xml"/>
 
     <service-resource type="model" loader="main" location="servicedef/services.xml"/>
-   
+
     <!-- this overrides the accounting, facility and order applications in order to use Birt in these applications -->
     <webapp name="accounting"
         title="Accounting"
diff --git a/birt/src/docs/asciidoc/birt.adoc b/birt/src/docs/asciidoc/birt.adoc
index 8c347472d..b5851b5fb 100644
--- a/birt/src/docs/asciidoc/birt.adoc
+++ b/birt/src/docs/asciidoc/birt.adoc
@@ -18,6 +18,13 @@ under the License.
 ////
 = Birt OFBiz® plugin
 The Apache OFBiz Project
+
+[CAUTION]
+====
+By default the Birt plugin is disabled for security reason, see the Birt ofbiz-component.xml file for more info.
+
+====
+
 ifdef::backend-pdf[]
 :title-logo-image: image::images/OFBiz-Logo.svg[Apache OFBiz Logo, pdfwidth=4.25in, align=center]
 :source-highlighter: rouge