Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/07/08 08:29:09 UTC

[ofbiz-framework] branch trunk updated (e111f19 -> 0176270)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git.


    from e111f19  Improved: Convert InventoryTests.xml to Groovy (OFBIZ-11851)
     new c5cb927  Documented: POC for CSRF Token (CVE-2019-0235) (OFBIZ-11306)
     new 0176270  Improved: Adds information to install without the demo data

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 INSTALL                            | 10 ++++++++++
 framework/webapp/dtd/site-conf.xsd |  8 ++++++++
 2 files changed, 18 insertions(+)


[ofbiz-framework] 01/02: Documented: POC for CSRF Token (CVE-2019-0235) (OFBIZ-11306)

Posted by jl...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit c5cb927124528c06e80fcb8096ab954684436f7e
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Tue Jul 7 19:02:15 2020 +0200

    Documented: POC for CSRF Token (CVE-2019-0235) (OFBIZ-11306)
    
    Clarifies the behaviour of csrf-token
    
    Thanks: James Yong
---
 framework/webapp/dtd/site-conf.xsd | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/framework/webapp/dtd/site-conf.xsd b/framework/webapp/dtd/site-conf.xsd
index 01d0046..44d98a5 100644
--- a/framework/webapp/dtd/site-conf.xsd
+++ b/framework/webapp/dtd/site-conf.xsd
@@ -309,6 +309,14 @@ under the License.
             <xs:annotation>
                 <xs:documentation>
                     If true csrf token is expected. If false no csrf token check. Default to "".
+                    
+                    When csrf-token is empty or not set, the behaviour should be determined by 
+                    CsrfDefenseStrategy class (or another implementation of ICsrfDefenseStrategy).
+                    
+                    When csrf-token is explicitly set to either true or false, 
+                    CsrfDefenseStrategy class (or another implementation of ICsrfDefenseStrategy) 
+                    should follow the setting.
+                    So if true, csrf token is expected. If false, no csrf token check.
                 </xs:documentation>
             </xs:annotation>
             <xs:simpleType>
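Review bot: the unchanged first sentence ("If true csrf token is expected. If false no csrf token check. Default to \"\".") now says the same thing as the last added line, so the two should be folded into one statement; suggested wording: "Default is \"\" (not set). When csrf-token is empty or not set, CsrfDefenseStrategy (or another ICsrfDefenseStrategy implementation) decides whether a token is required; when it is explicitly true or false, the strategy must follow that setting." That ordering also makes the security-relevant point explicit for anyone editing controller.xml: omitting the attribute does not switch the CSRF check off, it delegates the decision to the strategy. Several of the added lines (the blank ones and the two that end in "by " and "ICsrfDefenseStrategy) ") carry trailing whitespace that should be stripped before merging.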


[ofbiz-framework] 02/02: Improved: Adds information to install without the demo data

Posted by jl...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit 0176270d88d2f30039a0bf11316c659d0805f89d
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Wed Jul 8 10:21:24 2020 +0200

    Improved: Adds information to install without the demo data
---
 INSTALL | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/INSTALL b/INSTALL
index 6327120..4670969 100644
--- a/INSTALL
+++ b/INSTALL
@@ -36,6 +36,16 @@ _______________________________________________________________________________
 MS Windows: gradlew cleanAll loadAll
 Unix-like OS: ./gradlew cleanAll loadAll
 
+=====Note:
+As the later step, to install without the demo data follow:
+(beware this is for development or production, not trying)
+
+Windows: gradlew cleanAll "ofbiz --load-data readers=seed,seed-initial" loadAdminUserLogin -PuserLoginId=admin
+Unix-like OS: ./gradlew cleanAll "ofbiz --load-data readers=seed,seed-initial" loadAdminUserLogin -PuserLoginId=admin
+
+The OFBiz install will be empty, there will be no chart of accounts, no transactions, no products, no customers and no suppliers.
+You can't log to the E-Commerce Store. You will get: "A Product Store has not been defined for this ecommerce site. A Product Store can be created using the ofbizsetup wizard."
+
 === Start OFBiz:
 
 MS Windows: gradlew ofbiz
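Review bot: the new heading "=====Note:" does not match the "=== Start OFBiz:" style used by the section right below it, so it should become "=== Note:" (or be a plain paragraph) to keep the INSTALL file consistent. The first two lines are hard to parse: "As the later step, to install without the demo data follow:" should read "Alternatively, to install without the demo data run:", and "(beware this is for development or production, not trying)" should state what it means, e.g. "(use this for a development or production instance, not for trying OFBiz out, since none of the demo data will be present)". "You can't log to the E-Commerce Store" should be "You can't log in to the E-Commerce Store". Since the note targets production, it should also say what the loadAdminUserLogin -PuserLoginId=admin task produces (which account is created and what its initial credentials are) so that an administrator knows to change them before exposing the instance.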