This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git.

    from 8c5100d  Improved: Dutch labels (OFBIZ-10363)
     new aa15473  Documented: Possible authenticated attack related to Tomcat CVE-2020-1938 (OFBIZ-12558)
     new 0335924  Improved: no functional trivial cleaning changes
     new ff5e473  Improved: Possible authenticated attack related to Tomcat CVE-2020-1938 (OFBIZ-12558)
     new f2cf262  Fixed: Remote Code Execution (File Upload) Vulnerability (OFBIZ-11948)

The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

Summary of changes:
 README.adoc                                        |  3 +-
 .../ofbiz/content/ContentManagementServices.java   |  3 +
 .../apache/ofbiz/content/data/DataServices.java    |  1 +
 applications/product/config/catalog.properties     |  4 +-
 .../org/apache/ofbiz/product/image/ScaleImage.java |  2 +
 .../ofbiz/product/imagemanagement/FrameImage.java  |  3 +-
 .../imagemanagement/ImageManagementServices.java   |  4 +-
 .../ofbiz/product/product/ProductServices.java     |  2 +
 .../ofbiz/base/util/HttpRequestFileUpload.java     |  1 +
 framework/catalina/ofbiz-component.xml             | 15 ++--
 framework/security/config/security.properties      | 23 ++++--
 .../org/apache/ofbiz/security/SecuredUpload.java   | 82 +++++++++++++++-------
 .../apache/ofbiz/security/SecurityUtilTest.java    | 41 +++++++++--
 .../ofbiz/service/engine/GroovyBaseScript.groovy   | 15 +++-
 .../groovyScripts/entity/ProgramExport.groovy      | 12 +---
 runtime/patches/README                             |  1 -
 themes/common-theme/ofbiz-component.xml            |  1 -
 17 files changed, 150 insertions(+), 63 deletions(-)
 delete mode 100644 runtime/patches/README