You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2022/04/04 06:03:00 UTC

[jira] [Created] (OFBIZ-12594) Prevent Freemarker interpolation in fields

Jacques Le Roux created OFBIZ-12594:
---------------------------------------

             Summary: Prevent Freemarker interpolation in fields
                 Key: OFBIZ-12594
                 URL: https://issues.apache.org/jira/browse/OFBIZ-12594
             Project: OFBiz
          Issue Type: Improvement
          Components: ALL APPLICATIONS, ALL PLUGINS
    Affects Versions: 18.12.06, 22.01.01
            Reporter: Jacques Le Roux
            Assignee: Jacques Le Roux


OFBIZ-12587 is a definitive solution to prevent any kind of Freemarker exploits. But it's hard to realise because OFBiz exposes objects, like attributes from the Servlet scopes. So in the meantime preventing Freemarker interpolation in fields is a pragmatic solution.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)