You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2021/09/13 08:12:52 UTC
[ofbiz-framework] branch release18.12 updated: Fixed: Found a new
XXE (XML External Entity Injection) vulnerability in EntityImport
(OFBIZ-12304)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push:
new 7f3e1f5 Fixed: Found a new XXE (XML External Entity Injection) vulnerability in EntityImport (OFBIZ-12304)
7f3e1f5 is described below
commit 7f3e1f58c4ba265100ba59837c7cdbc3dc5d1f24
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Mon Sep 13 09:56:03 2021 +0200
Fixed: Found a new XXE (XML External Entity Injection) vulnerability in EntityImport (OFBIZ-12304)
Fixes a typo issue
---
.../src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/framework/webtools/src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java b/framework/webtools/src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java
index 633c10a..b7f5b56 100644
--- a/framework/webtools/src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java
+++ b/framework/webtools/src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java
@@ -144,8 +144,8 @@ public class WebToolsServices {
// FM Template
// #############################
if (UtilValidate.urlInString(fulltext)) {
- Debug.logError("For security reason HTTP URLs are not accepted, see OFBIZ-12304", MODULE);
- Debug.logInfo("Rather load your data from a file", MODULE);
+ Debug.logError("For security reason HTTP URLs are not accepted, see OFBIZ-12304", module);
+ Debug.logInfo("Rather load your data from a file", module);
return null;
}
if (UtilValidate.isNotEmpty(fmfilename) && (UtilValidate.isNotEmpty(fulltext) || url != null)) {