You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ofbiz.apache.org by GitBox <gi...@apache.org> on 2022/04/04 07:21:44 UTC

[GitHub] [ofbiz-framework]: Workflow run "Java CI with Gradle" is working again!

The GitHub Actions job "Java CI with Gradle" on ofbiz-framework.git has succeeded.
Run started by GitHub user asfgit (triggered by asfgit).

Head commit for run:
3284ad3994331eb322966d1488ed37c8e1b52220 / Jacques Le Roux <ja...@les7arts.com>
Improved: Prevent Freemarker interpolation in fields (OFBIZ-12594)

OFBIZ_12587 is a definitive solution to prevent any kind of Freemarker exploits.
But it's hard to realise because OFBiz exposes objects, like attributes from the
Servlet scopes. So in the meantime preventing Freemarker interpolation in fields
is a pragmatic solution.

This is an improvement but needs to be backported because it kinda affects
security

Report URL: https://github.com/apache/ofbiz-framework/actions/runs/2088308471

With regards,
GitHub Actions via GitBox