This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a change to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git.
from 047849f Fixed: Remote Code Execution (File Upload) Vulnerability
(OFBIZ-11948)
new 61ddf04 Documented: Possible authenticated attack related to Tomcat
CVE-2020-1938 (OFBIZ-12558)
new 03bc88d Improved: no functional trivial cleaning changes
new dcb348e Improved: Possible authenticated attack related to Tomcat
CVE-2020-1938 (OFBIZ-12558)
new 0a25c93 Fixed: Remote Code Execution (File Upload) Vulnerability
(OFBIZ-11948)
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
README.adoc | 3 +-
.../ofbiz/content/ContentManagementServices.java | 3 +
.../apache/ofbiz/content/data/DataServices.java | 1 +
applications/product/config/catalog.properties | 4 +-
.../org/apache/ofbiz/product/image/ScaleImage.java | 2 +
.../ofbiz/product/imagemanagement/FrameImage.java | 3 +-
.../imagemanagement/ImageManagementServices.java | 4 +-
.../ofbiz/product/product/ProductServices.java | 2 +
.../ofbiz/base/util/HttpRequestFileUpload.java | 1 +
framework/catalina/ofbiz-component.xml | 15 ++--
framework/security/config/security.properties | 25 +++++--
.../org/apache/ofbiz/security/SecuredUpload.java | 69 +++++++++++++------
.../ofbiz/service/engine/GroovyBaseScript.groovy | 79 ++++++++++++++++++----
runtime/patches/README | 1 -
themes/common-theme/ofbiz-component.xml | 1 -
15 files changed, 159 insertions(+), 54 deletions(-)
delete mode 100644 runtime/patches/README
