You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by jl...@apache.org on 2021/10/09 06:03:41 UTC

[ofbiz-framework] branch trunk updated: Improved: post-auth Remote Code Execution Vulnerability (OFBIZ-12332)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new cd03a6a  Improved: post-auth Remote Code Execution Vulnerability (OFBIZ-12332)
cd03a6a is described below

commit cd03a6a98f2a34a9676196f85883dfd3947ee788
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Sat Oct 9 07:48:55 2021 +0200

    Improved: post-auth Remote Code Execution Vulnerability (OFBIZ-12332)
    
    Temporarily comments out XMLRPC tests.
    
    I'll work on a definitive solution ASAP
---
 framework/service/testdef/servicetests.xml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/framework/service/testdef/servicetests.xml b/framework/service/testdef/servicetests.xml
index 817c063..6d15539 100644
--- a/framework/service/testdef/servicetests.xml
+++ b/framework/service/testdef/servicetests.xml
@@ -66,13 +66,14 @@ under the License.
     <test-case case-name="service-eca-global-event-exec-assert-data">
         <entity-xml action="assert" entity-xml-url="component://service/testdef/data/ServiceEcaGlobalEventAssertData.xml"/>
     </test-case>
-    
-    <test-case case-name="service-xml-rpc">
+
+<!-- Because of "post-auth Remote Code Execution Vulnerability" (OFBIZ-12332), Temporarily comments out XMLRPC tests. -->
+<!--     <test-case case-name="service-xml-rpc">
         <junit-test-suite class-name="org.apache.ofbiz.service.test.XmlRpcTests"/>
     </test-case>
     <test-case case-name="service-xml-rpc-local-engine">
         <service-test service-name="testXmlRpcClientAdd"/>
-    </test-case>
+    </test-case> -->
     <test-case case-name="load-data-service-permission-tests">
         <entity-xml entity-xml-url="component://service/testdef/data/PermissionServiceTestData.xml"/>
     </test-case>