You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2021/09/13 08:12:51 UTC
[ofbiz-framework] branch release17.12 updated: Fixed: Found a new
XXE (XML External Entity Injection) vulnerability in EntityImport
(OFBIZ-12304)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release17.12 by this push:
new 95ec51e Fixed: Found a new XXE (XML External Entity Injection) vulnerability in EntityImport (OFBIZ-12304)
95ec51e is described below
commit 95ec51ecd181c7a6fcb40738280d0cd4353ff7ed
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Mon Sep 13 10:11:02 2021 +0200
Fixed: Found a new XXE (XML External Entity Injection) vulnerability in EntityImport (OFBIZ-12304)
Fixes a typo issue
---
.../src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/framework/webtools/src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java b/framework/webtools/src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java
index 206aae9..3f6752a 100644
--- a/framework/webtools/src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java
+++ b/framework/webtools/src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java
@@ -144,8 +144,8 @@ public class WebToolsServices {
// FM Template
// #############################
if (UtilValidate.urlInString(fulltext)) {
- Debug.logError("For security reason HTTP URLs are not accepted, see OFBIZ-12304", MODULE);
- Debug.logInfo("Rather load your data from a file", MODULE);
+ Debug.logError("For security reason HTTP URLs are not accepted, see OFBIZ-12304", module);
+ Debug.logInfo("Rather load your data from a file", module);
return null;
}
if (UtilValidate.isNotEmpty(fmfilename) && (UtilValidate.isNotEmpty(fulltext) || url != null)) {