You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2021/10/09 06:03:41 UTC
[ofbiz-framework] branch trunk updated: Improved: post-auth Remote
Code Execution Vulnerability (OFBIZ-12332)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new cd03a6a Improved: post-auth Remote Code Execution Vulnerability (OFBIZ-12332)
cd03a6a is described below
commit cd03a6a98f2a34a9676196f85883dfd3947ee788
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Sat Oct 9 07:48:55 2021 +0200
Improved: post-auth Remote Code Execution Vulnerability (OFBIZ-12332)
Temporarily comments out XMLRPC tests.
I'll work on a definitive solution ASAP
---
framework/service/testdef/servicetests.xml | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/framework/service/testdef/servicetests.xml b/framework/service/testdef/servicetests.xml
index 817c063..6d15539 100644
--- a/framework/service/testdef/servicetests.xml
+++ b/framework/service/testdef/servicetests.xml
@@ -66,13 +66,14 @@ under the License.
<test-case case-name="service-eca-global-event-exec-assert-data">
<entity-xml action="assert" entity-xml-url="component://service/testdef/data/ServiceEcaGlobalEventAssertData.xml"/>
</test-case>
-
- <test-case case-name="service-xml-rpc">
+
+<!-- Because of "post-auth Remote Code Execution Vulnerability" (OFBIZ-12332), Temporarily comments out XMLRPC tests. -->
+<!-- <test-case case-name="service-xml-rpc">
<junit-test-suite class-name="org.apache.ofbiz.service.test.XmlRpcTests"/>
</test-case>
<test-case case-name="service-xml-rpc-local-engine">
<service-test service-name="testXmlRpcClientAdd"/>
- </test-case>
+ </test-case> -->
<test-case case-name="load-data-service-permission-tests">
<entity-xml entity-xml-url="component://service/testdef/data/PermissionServiceTestData.xml"/>
</test-case>