This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a change to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git.
from b447f4d Fixed: Remote Code Execution (File Upload) Vulnerability
(OFBIZ-11948)
new 9ea39d4 Documented: Possible authenticated attack related to Tomcat
CVE-2020-1938 (OFBIZ-12558)
new af6286e Improved: no functional trivial cleaning changes
new 4bb37d7 Improved: Possible authenticated attack related to Tomcat
CVE-2020-1938 (OFBIZ-12558)
new 8691b1a Fixed: Remote Code Execution (File Upload) Vulnerability
(OFBIZ-11948)
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
README.adoc | 3 +-
.../ofbiz/content/ContentManagementServices.java | 3 +
.../apache/ofbiz/content/data/DataServices.java | 1 +
applications/product/config/catalog.properties | 4 +-
.../org/apache/ofbiz/product/image/ScaleImage.java | 2 +
.../ofbiz/product/imagemanagement/FrameImage.java | 3 +-
.../imagemanagement/ImageManagementServices.java | 4 +-
.../ofbiz/product/product/ProductServices.java | 2 +
.../ofbiz/base/util/HttpRequestFileUpload.java | 1 +
framework/catalina/ofbiz-component.xml | 15 ++--
framework/security/config/security.properties | 23 ++++--
.../org/apache/ofbiz/security/SecuredUpload.java | 82 +++++++++++++++-------
.../apache/ofbiz/security/SecurityUtilTest.java | 41 +++++++++--
.../ofbiz/service/engine/GroovyBaseScript.groovy | 15 +++-
.../groovyScripts/entity/ProgramExport.groovy | 12 +---
runtime/patches/README | 1 -
themes/common-theme/ofbiz-component.xml | 1 -
17 files changed, 150 insertions(+), 63 deletions(-)
delete mode 100644 runtime/patches/README
