You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2022/04/04 07:59:00 UTC

[jira] [Closed] (OFBIZ-12594) Prevent Freemarker interpolation in fields

     [ https://issues.apache.org/jira/browse/OFBIZ-12594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-12594.
-----------------------------------
    Fix Version/s: 18.12.06
                   22.01.01
       Resolution: Implemented

> Prevent Freemarker interpolation in fields
> ------------------------------------------
>
>                 Key: OFBIZ-12594
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12594
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ALL APPLICATIONS, ALL PLUGINS
>    Affects Versions: 18.12.06, 22.01.01
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 18.12.06, 22.01.01
>
>
> OFBIZ-12587 is a definitive solution to prevent any kind of Freemarker exploits. But it's hard to realise because OFBiz exposes objects, like attributes from the Servlet scopes. So in the meantime preventing Freemarker interpolation in fields is a pragmatic solution.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)