You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Jacques Le Roux <jl...@apache.org> on 2023/05/26 09:15:02 UTC
Re: [ofbiz-site] branch master updated: Fixed: fixes a documentation link
Sorry, forgot to mention that there are also no functional changes : tabs changed to spaces and trailing spaces removed.
Le 26/05/2023 à 10:49, jleroux@apache.org a écrit :
> This is an automated email from the ASF dual-hosted git repository.
>
> jleroux pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
> new ac554c3 Fixed: fixes a documentation link
> ac554c3 is described below
>
> commit ac554c35de0a322a50717cb67525f3f023815a1c
> Author: Jacques Le Roux <ja...@les7arts.com>
> AuthorDate: Fri May 26 10:49:56 2023 +0200
>
> Fixed: fixes a documentation link
>
> The "we highly suggest to OFBiz users to not use credentials demo in production"
> link
> ---
> security.html | 46 +++++++++++++++++++++---------------------
> template/page/security.tpl.php | 18 ++++++++---------
> 2 files changed, 32 insertions(+), 32 deletions(-)
>
> diff --git a/security.html b/security.html
> index d2abe77..eb9778a 100644
> --- a/security.html
> +++ b/security.html
> @@ -82,7 +82,7 @@
> </li>
> <li><a href="#" class="firstLevel">Community</a>
> <ul>
> - <li><a href="getting-involved.html">Getting Involved</a></li>
> + <li><a href="getting-involved.html">Getting Involved</a></li>
> <li><a href="mailing-lists.html">Mailing Lists</a></li>
> <li><a href="source-repositories.html">Source Repository</a></li>
> <li><a href="download.html">Downloads</a></li>
> @@ -91,18 +91,18 @@
> </ul>
> </li>
> <li><a href="ofbiz-demos.html" class="firstLevel">Demos</a></li>
> - <li>
> - <a href="//twitter.com/ApacheOfbiz" class="icon-twitter-bird socialIcon tips"
> - target="external" title="follow us on Twitter"><span>twitter</span></a>
> - </li>
> - <li><a href="//www.linkedin.com/company/apache-ofbiz/" target="external" class="icon-linkedin socialIcon tips" title="follow us on Linkedin"><span>linkedin</span></a></li>
> - <li><a href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal" target="external" class="icon-facebook socialIcon tips" title="follow us on Facebook"><span>facebook</span></a></li>
> - <li><a href="//www.youtube.com/user/ofbiz" class="icon-play socialIcon tips" target="external" title="follow us on Youtube"><span>Youtube</span></a></li>
> - <!--<li><a href="#" class="icon-rss socialIcon tips" title="Our rss feed"><span>rss feed</span></a></li>
> - <li><a href="#" class="icon-gplus socialIcon tips" title="follow us on Google +"><span>google +</span></a></li>
> - <li><a href="#" class="icon-instagram socialIcon tips" title="follow us on Instagram"><span>instagram</span></a></li>
> - <li><a href="#" class="icon-linkedin socialIcon tips" title="follow us on Linkedin"><span>linkedin</span></a></li>
> - <li><a href="#" class="icon-pinterest-circled socialIcon tips" title="follow us on Pinterest"><span>Pinterest</span></a></li>-->
> + <li>
> + <a href="//twitter.com/ApacheOfbiz" class="icon-twitter-bird socialIcon tips"
> + target="external" title="follow us on Twitter"><span>twitter</span></a>
> + </li>
> + <li><a href="//www.linkedin.com/company/apache-ofbiz/" target="external" class="icon-linkedin socialIcon tips" title="follow us on Linkedin"><span>linkedin</span></a></li>
> + <li><a href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal" target="external" class="icon-facebook socialIcon tips" title="follow us on Facebook"><span>facebook</span></a></li>
> + <li><a href="//www.youtube.com/user/ofbiz" class="icon-play socialIcon tips" target="external" title="follow us on Youtube"><span>Youtube</span></a></li>
> + <!--<li><a href="#" class="icon-rss socialIcon tips" title="Our rss feed"><span>rss feed</span></a></li>
> + <li><a href="#" class="icon-gplus socialIcon tips" title="follow us on Google +"><span>google +</span></a></li>
> + <li><a href="#" class="icon-instagram socialIcon tips" title="follow us on Instagram"><span>instagram</span></a></li>
> + <li><a href="#" class="icon-linkedin socialIcon tips" title="follow us on Linkedin"><span>linkedin</span></a></li>
> + <li><a href="#" class="icon-pinterest-circled socialIcon tips" title="follow us on Pinterest"><span>Pinterest</span></a></li>-->
> </ul>
> </nav>
> </div>
> @@ -130,23 +130,23 @@
> <h2><a id="security"></a>Security Vulnerabilities</h2>
> <div class="divider"><span></span></div>
> <p>Please see the <a href="https://www.apache.org/security" target="external">ASF Security Team webpage</a> for further information about reporting a security vulnerability as well as their contact information. </p>
> -
> +
> <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either security@ofbiz.apache.org or security@apache.org),
> before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p>
> -
> - <p>Note that we no longer create CVEs for post-auth attacks done using demo credentials, notably using the admin user.
> +
> + <p>Note that we no longer create CVEs for post-auth attacks done using demo credentials, notably using the admin user.
> <strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a><span style="color:red"> Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in advance.</span></strong></p>
> -
> - <p>One of the reason we no longer create CVEs for post-auth attacks done using demo credentials is because
> - <a href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security" target="external"> we highly suggest to OFBiz users to not use credentials demo in production</a>
> +
> + <p>One of the reason we no longer create CVEs for post-auth attacks done using demo credentials is because
> + <a href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security" target="external"> we highly suggest to OFBiz users to not use credentials demo in production</a>
> and we expect OFBiz users to do so.
> - <a href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure" target="external"> We also warn our users on the "Keeping OFBiz secure wiki page".</a>
> + <a href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure" target="external"> We also warn our users on the "Keeping OFBiz secure wiki page".</a>
> And finally, mostly we reject post-auth vulnerabilities because we have a solid CSRF defense.</p>
> -
> +
> <h3>List of Known Vulnerabilities</h3>
> <ul class="iconsList">
>
> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501" target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed in 18.12.07 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/582add7d3" target="external">582add7d3</a></li>
> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501" target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed in 18.12.07 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/582add7d3" target="external">582add7d3</a></li>
> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25813" target="external">CVE-2022-25813</a>; affected releases before 18.12.06; fixed in 18.12.06 with commits <a href="https://github.com/apache/ofbiz-framework/commit/843b1c7e71" target="external">843b1c7e71</a>, <a href="https://github.com/apache/ofbiz-framework/commit/3797e60375" target="external">3797e60375</a>, <a href="https://github.com/apache/ofbiz-framework/commit/b24dcff344" [...]
> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29063" target="external">CVE-2022-29063</a>; affected releases before 18.12.06; fixed in 18.12.06 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/061252a80" target="external">061252a80</a></li>
> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29158" target="external">CVE-2022-29158</a>; affected releases before 18.12.06; fixed in 18.12.06 with commit <a href="https://github.com/apache/ofbiz-framework/commit/ff92c4bc9" target="external">ff92c4bc9</a></li>
> @@ -244,7 +244,7 @@
> <li><a href="https://privacy.apache.org/policies/privacy-policy-public.html" target="external">Privacy Policy</a></li>
> <li><a href="https://www.apache.org/events/current-event" target="external">Events</a></li>
> <li><a href="https://www.apache.org/foundation/sponsorship.html" target="external">Sponsorship</a>
> - and <a href="https://www.apache.org/foundation/contributing.html" target="external">Donations</a>
> + and <a href="https://www.apache.org/foundation/contributing.html" target="external">Donations</a>
> </li>
> <li><a href="https://www.apache.org/foundation/thanks.html" target="external">Thanks</a></li>
> <li><a href="https://ofbiz.apache.org/security.html">Security</a></li>
> diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
> index 297cde5..6932770 100644
> --- a/template/page/security.tpl.php
> +++ b/template/page/security.tpl.php
> @@ -19,23 +19,23 @@
> <h2><a id="security"></a>Security Vulnerabilities</h2>
> <div class="divider"><span></span></div>
> <p>Please see the <a href="https://www.apache.org/security" target="external">ASF Security Team webpage</a> for further information about reporting a security vulnerability as well as their contact information. </p>
> -
> +
> <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either security@ofbiz.apache.org or security@apache.org),
> before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p>
> -
> - <p>Note that we no longer create CVEs for post-auth attacks done using demo credentials, notably using the admin user.
> +
> + <p>Note that we no longer create CVEs for post-auth attacks done using demo credentials, notably using the admin user.
> <strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a><span style="color:red"> Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in advance.</span></strong></p>
> -
> - <p>One of the reason we no longer create CVEs for post-auth attacks done using demo credentials is because
> - <a href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security" target="external"> we highly suggest to OFBiz users to not use credentials demo in production</a>
> +
> + <p>One of the reason we no longer create CVEs for post-auth attacks done using demo credentials is because
> + <a href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security"> we highly suggest to OFBiz users to not use credentials demo in production</a>
> and we expect OFBiz users to do so.
> - <a href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure" target="external"> We also warn our users on the "Keeping OFBiz secure wiki page".</a>
> + <a href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure" target="external"> We also warn our users on the "Keeping OFBiz secure wiki page".</a>
> And finally, mostly we reject post-auth vulnerabilities because we have a solid CSRF defense.</p>
> -
> +
> <h3>List of Known Vulnerabilities</h3>
> <ul class="iconsList">
>
> - <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501" target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed in 18.12.07 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/582add7d3" target="external">582add7d3</a></li>
> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501" target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed in 18.12.07 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/582add7d3" target="external">582add7d3</a></li>
> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25813" target="external">CVE-2022-25813</a>; affected releases before 18.12.06; fixed in 18.12.06 with commits <a href="https://github.com/apache/ofbiz-framework/commit/843b1c7e71" target="external">843b1c7e71</a>, <a href="https://github.com/apache/ofbiz-framework/commit/3797e60375" target="external">3797e60375</a>, <a href="https://github.com/apache/ofbiz-framework/commit/b24dcff344" [...]
> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29063" target="external">CVE-2022-29063</a>; affected releases before 18.12.06; fixed in 18.12.06 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/061252a80" target="external">061252a80</a></li>
> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29158" target="external">CVE-2022-29158</a>; affected releases before 18.12.06; fixed in 18.12.06 with commit <a href="https://github.com/apache/ofbiz-framework/commit/ff92c4bc9" target="external">ff92c4bc9</a></li>
>