You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ofbiz.apache.org by Jacopo Cappellato <ja...@apache.org> on 2013/07/20 17:59:22 UTC
[ANNOUNCE] Apache OFBiz 10.04.06 released
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 10.04.06".
Apache OFBiz is an open source enterprise automation software project (ERP, CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):
http://ofbiz.apache.org/
"Apache OFBiz 10.04.06" is the last bug fix release for the 10.04 series; all users of "Apache OFBiz 10.04.*" releases are encouraged to upgrade to this latest release because the new release contains several bug fixes including fixes for the following security vulnerabilities:
CVE-2013-2137 - XSS vulnerability in the "View Log" screen of the OFBiz Webtools application
CVE-2013-2250 - Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz
See also:
http://ofbiz.apache.org/download.html#vulnerabilities
The release file can be downloaded following the instructions in the OFBiz download page :
http://ofbiz.apache.org/download.html
The OFBiz Team.
Re: [ANNOUNCE] Apache OFBiz 10.04.06 released
Posted by Jacopo Cappellato <ja...@hotwaxmedia.com>.
On Jul 21, 2013, at 1:27 AM, SirDouglas Cook <si...@hotmail.com> wrote:
> dev-unsubscribe@ofbiz.apache.or
Doug, check the above email address... you have forgotten the trailing "r".
Jacopo
Re: [ANNOUNCE] Apache OFBiz 10.04.06 released
Posted by Jacques Le Roux <ja...@les7arts.com>.
Maybe if you send us the email headers you send and the one you receive we could help by asking the infrastrucure to look at it...
BTW no needs to broadcast to other emails addresses, only OFBiz MLs addresses (dev and maybe user) should be concnerned
Jacques
----- Original Message -----
From: "SirDouglas Cook" <si...@hotmail.com>
To: <de...@ofbiz.apache.org>; <an...@apache.org>; <us...@ofbiz.apache.org>; "security Team" <se...@apache.org>
Sent: Sunday, July 21, 2013 1:27 AM
Subject: RE: [ANNOUNCE] Apache OFBiz 10.04.06 released
When I reply... to unsubscribe... I get this:::
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
dev-unsubscribe@ofbiz.apache.or
Can you imagine how frigging frustrating this is?
Please Help,
Doug
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this message and any attachments from your system. Thank you.
Avertissement concernant la confidentialité : Ce message et toutes les pièces jointes s'y rattachant sont destinés uniquement et aux fins du destinataire(s) prévu(s), sont confidentiels et peuvent être protégés par le privilège. Si vous n'êtes pas le destinataire prévu, nous vous avisons, par la présente, que toute revue, retransmission, conversion en sortie papier, copie ainsi que toute circulation ou utilisation autre que celle envisagée pour ce message et pour toutes ses pièces jointes sont strictement interdites. Si vous n'êtes pas le destinataire prévu, veuillez immédiatement en aviser l'expéditeur par retour de courrier électronique et supprimez ce message ainsi que toutes les pièces jointes de votre système. Merci.
> From: sirdouglascook@hotmail.com
> To: dev@ofbiz.apache.org; announce@apache.org; user@ofbiz.apache.org; security@apache.org
> Subject: RE: [ANNOUNCE] Apache OFBiz 10.04.06 released
> Date: Sat, 20 Jul 2013 19:15:22 -0400
>
> Please make the emails to sirdouglascook@hotmail.com stop...
>
> and remove my email addresses from
>
> *gregory.draperi@gmail.com
> *security@apache.org
> *dev@ofbiz.apache.org
> *user@ofbiz.apache.org
> *announce@apache.org
> *full-disclosure@lists.grok.org.uk
> *bugtraq@securityfocus.com
>
> This has been over a month, I am fed up.. I have asked everyone .. everywhere..
> I shouldn't have to contact ISP's and Spam forums to shut you down... nor should anyone else.
> But for &*^& sakes... remove me from your data bases NOW.
>
> Thank you,
>
> Doug
>
>
> Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this message and any attachments from your system. Thank you.
>
> Avertissement concernant la confidentialité : Ce message et toutes les pièces jointes s'y rattachant sont destinés uniquement et aux fins du destinataire(s) prévu(s), sont confidentiels et peuvent être protégés par le privilège. Si vous n'êtes pas le destinataire prévu, nous vous avisons, par la présente, que toute revue, retransmission, conversion en sortie papier, copie ainsi que toute circulation ou utilisation autre que celle envisagée pour ce message et pour toutes ses pièces jointes sont strictement interdites. Si vous n'êtes pas le destinataire prévu, veuillez immédiatement en aviser l'expéditeur par retour de courrier électronique et supprimez ce message ainsi que toutes les pièces jointes de votre système. Merci.
>
>
> > From: jacopoc@apache.org
> > Subject: [ANNOUNCE] Apache OFBiz 10.04.06 released
> > Date: Sat, 20 Jul 2013 17:59:22 +0200
> > To: announce@apache.org; dev@ofbiz.apache.org; user@ofbiz.apache.org; security@apache.org
> >
> > The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 10.04.06".
> >
> > Apache OFBiz is an open source enterprise automation software project (ERP, CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):
> >
> > http://ofbiz.apache.org/
> >
> > "Apache OFBiz 10.04.06" is the last bug fix release for the 10.04 series; all users of "Apache OFBiz 10.04.*" releases are encouraged to upgrade to this latest release because the new release contains several bug fixes including fixes for the following security vulnerabilities:
> >
> > CVE-2013-2137 - XSS vulnerability in the "View Log" screen of the OFBiz Webtools application
> > CVE-2013-2250 - Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz
> >
> > See also:
> >
> > http://ofbiz.apache.org/download.html#vulnerabilities
> >
> > The release file can be downloaded following the instructions in the OFBiz download page :
> >
> > http://ofbiz.apache.org/download.html
> >
> > The OFBiz Team.
>
RE: [ANNOUNCE] Apache OFBiz 10.04.06 released
Posted by SirDouglas Cook <si...@hotmail.com>.
When I reply... to unsubscribe... I get this:::
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
dev-unsubscribe@ofbiz.apache.or
Can you imagine how frigging frustrating this is?
Please Help,
Doug
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this message and any attachments from your system. Thank you.
Avertissement concernant la confidentialité : Ce message et toutes les pièces jointes s'y rattachant sont destinés uniquement et aux fins du destinataire(s) prévu(s), sont confidentiels et peuvent être protégés par le privilège. Si vous n'êtes pas le destinataire prévu, nous vous avisons, par la présente, que toute revue, retransmission, conversion en sortie papier, copie ainsi que toute circulation ou utilisation autre que celle envisagée pour ce message et pour toutes ses pièces jointes sont strictement interdites. Si vous n'êtes pas le destinataire prévu, veuillez immédiatement en aviser l'expéditeur par retour de courrier électronique et supprimez ce message ainsi que toutes les pièces jointes de votre système. Merci.
> From: sirdouglascook@hotmail.com
> To: dev@ofbiz.apache.org; announce@apache.org; user@ofbiz.apache.org; security@apache.org
> Subject: RE: [ANNOUNCE] Apache OFBiz 10.04.06 released
> Date: Sat, 20 Jul 2013 19:15:22 -0400
>
> Please make the emails to sirdouglascook@hotmail.com stop...
>
> and remove my email addresses from
>
> *gregory.draperi@gmail.com
> *security@apache.org
> *dev@ofbiz.apache.org
> *user@ofbiz.apache.org
> *announce@apache.org
> *full-disclosure@lists.grok.org.uk
> *bugtraq@securityfocus.com
>
> This has been over a month, I am fed up.. I have asked everyone .. everywhere..
> I shouldn't have to contact ISP's and Spam forums to shut you down... nor should anyone else.
> But for &*^& sakes... remove me from your data bases NOW.
>
> Thank you,
>
> Doug
>
>
> Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this message and any attachments from your system. Thank you.
>
> Avertissement concernant la confidentialité : Ce message et toutes les pièces jointes s'y rattachant sont destinés uniquement et aux fins du destinataire(s) prévu(s), sont confidentiels et peuvent être protégés par le privilège. Si vous n'êtes pas le destinataire prévu, nous vous avisons, par la présente, que toute revue, retransmission, conversion en sortie papier, copie ainsi que toute circulation ou utilisation autre que celle envisagée pour ce message et pour toutes ses pièces jointes sont strictement interdites. Si vous n'êtes pas le destinataire prévu, veuillez immédiatement en aviser l'expéditeur par retour de courrier électronique et supprimez ce message ainsi que toutes les pièces jointes de votre système. Merci.
>
>
> > From: jacopoc@apache.org
> > Subject: [ANNOUNCE] Apache OFBiz 10.04.06 released
> > Date: Sat, 20 Jul 2013 17:59:22 +0200
> > To: announce@apache.org; dev@ofbiz.apache.org; user@ofbiz.apache.org; security@apache.org
> >
> > The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 10.04.06".
> >
> > Apache OFBiz is an open source enterprise automation software project (ERP, CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):
> >
> > http://ofbiz.apache.org/
> >
> > "Apache OFBiz 10.04.06" is the last bug fix release for the 10.04 series; all users of "Apache OFBiz 10.04.*" releases are encouraged to upgrade to this latest release because the new release contains several bug fixes including fixes for the following security vulnerabilities:
> >
> > CVE-2013-2137 - XSS vulnerability in the "View Log" screen of the OFBiz Webtools application
> > CVE-2013-2250 - Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz
> >
> > See also:
> >
> > http://ofbiz.apache.org/download.html#vulnerabilities
> >
> > The release file can be downloaded following the instructions in the OFBiz download page :
> >
> > http://ofbiz.apache.org/download.html
> >
> > The OFBiz Team.
>
RE: [ANNOUNCE] Apache OFBiz 10.04.06 released
Posted by SirDouglas Cook <si...@hotmail.com>.
Please make the emails to sirdouglascook@hotmail.com stop...
and remove my email addresses from
*gregory.draperi@gmail.com
*security@apache.org
*dev@ofbiz.apache.org
*user@ofbiz.apache.org
*announce@apache.org
*full-disclosure@lists.grok.org.uk
*bugtraq@securityfocus.com
This has been over a month, I am fed up.. I have asked everyone .. everywhere..
I shouldn't have to contact ISP's and Spam forums to shut you down... nor should anyone else.
But for &*^& sakes... remove me from your data bases NOW.
Thank you,
Doug
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this message and any attachments from your system. Thank you.
Avertissement concernant la confidentialité : Ce message et toutes les pièces jointes s'y rattachant sont destinés uniquement et aux fins du destinataire(s) prévu(s), sont confidentiels et peuvent être protégés par le privilège. Si vous n'êtes pas le destinataire prévu, nous vous avisons, par la présente, que toute revue, retransmission, conversion en sortie papier, copie ainsi que toute circulation ou utilisation autre que celle envisagée pour ce message et pour toutes ses pièces jointes sont strictement interdites. Si vous n'êtes pas le destinataire prévu, veuillez immédiatement en aviser l'expéditeur par retour de courrier électronique et supprimez ce message ainsi que toutes les pièces jointes de votre système. Merci.
> From: jacopoc@apache.org
> Subject: [ANNOUNCE] Apache OFBiz 10.04.06 released
> Date: Sat, 20 Jul 2013 17:59:22 +0200
> To: announce@apache.org; dev@ofbiz.apache.org; user@ofbiz.apache.org; security@apache.org
>
> The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 10.04.06".
>
> Apache OFBiz is an open source enterprise automation software project (ERP, CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):
>
> http://ofbiz.apache.org/
>
> "Apache OFBiz 10.04.06" is the last bug fix release for the 10.04 series; all users of "Apache OFBiz 10.04.*" releases are encouraged to upgrade to this latest release because the new release contains several bug fixes including fixes for the following security vulnerabilities:
>
> CVE-2013-2137 - XSS vulnerability in the "View Log" screen of the OFBiz Webtools application
> CVE-2013-2250 - Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz
>
> See also:
>
> http://ofbiz.apache.org/download.html#vulnerabilities
>
> The release file can be downloaded following the instructions in the OFBiz download page :
>
> http://ofbiz.apache.org/download.html
>
> The OFBiz Team.