This is an automated email from the ASF dual-hosted git repository.
jacopoc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push:
new 1035a7d Publish new release information.
1035a7d is described below
commit 1035a7d3f76a4e4ae9cf33b5715d4da9efeded62
Author: Jacopo Cappellato <jacopo.cappell...@gmail.com>
AuthorDate: Thu Sep 1 12:50:31 2022 +0200
Publish new release information.
---
download.html | 56 ++---
download.html => release-notes-18.12.06.html | 328 +++++++++++----------------
template/page/download.tpl.php | 20 +-
template/page/release-notes-18.12.06.tpl.php | 135 +++++++++++
4 files changed, 313 insertions(+), 226 deletions(-)
diff --git a/download.html b/download.html
index 25b34ef..e5d102d 100644
--- a/download.html
+++ b/download.html
@@ -82,7 +82,7 @@
</li>
<li><a href="#" class="firstLevel">Community</a>
<ul>
- <li><a href="getting-involved.html">Getting Involved</a></li>
+ <li><a href="getting-involved.html">Getting Involved</a></li>
<li><a href="mailing-lists.html">Mailing Lists</a></li>
<li><a href="source-repositories.html">Source
Repository</a></li>
<li><a href="download.html">Downloads</a></li>
@@ -91,18 +91,18 @@
</ul>
</li>
<li><a href="ofbiz-demos.html" class="firstLevel">Demos</a></li>
- <li>
- <a href="//twitter.com/ApacheOfbiz" class="icon-twitter-bird
socialIcon tips"
- target="external" title="follow us on
Twitter"><span>twitter</span></a>
- </li>
- <li><a href="//www.linkedin.com/company/apache-ofbiz/"
target="external" class="icon-linkedin socialIcon tips" title="follow us on
Linkedin"><span>linkedin</span></a></li>
- <li><a
href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal"
target="external" class="icon-facebook socialIcon tips" title="follow us on
Facebook"><span>facebook</span></a></li>
- <li><a href="//www.youtube.com/user/ofbiz" class="icon-play
socialIcon tips" target="external" title="follow us on
Youtube"><span>Youtube</span></a></li>
- <!--<li><a href="#" class="icon-rss socialIcon tips" title="Our rss
feed"><span>rss feed</span></a></li>
- <li><a href="#" class="icon-gplus socialIcon tips" title="follow us
on Google +"><span>google +</span></a></li>
- <li><a href="#" class="icon-instagram socialIcon tips"
title="follow us on Instagram"><span>instagram</span></a></li>
- <li><a href="#" class="icon-linkedin socialIcon tips" title="follow
us on Linkedin"><span>linkedin</span></a></li>
- <li><a href="#" class="icon-pinterest-circled socialIcon tips"
title="follow us on Pinterest"><span>Pinterest</span></a></li>-->
+ <li>
+ <a href="//twitter.com/ApacheOfbiz"
class="icon-twitter-bird socialIcon tips"
+ target="external" title="follow us on
Twitter"><span>twitter</span></a>
+ </li>
+ <li><a href="//www.linkedin.com/company/apache-ofbiz/"
target="external" class="icon-linkedin socialIcon tips" title="follow us on
Linkedin"><span>linkedin</span></a></li>
+ <li><a
href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal"
target="external" class="icon-facebook socialIcon tips" title="follow us on
Facebook"><span>facebook</span></a></li>
+ <li><a href="//www.youtube.com/user/ofbiz" class="icon-play
socialIcon tips" target="external" title="follow us on
Youtube"><span>Youtube</span></a></li>
+ <!--<li><a href="#" class="icon-rss socialIcon tips"
title="Our rss feed"><span>rss feed</span></a></li>
+ <li><a href="#" class="icon-gplus socialIcon tips"
title="follow us on Google +"><span>google +</span></a></li>
+ <li><a href="#" class="icon-instagram socialIcon tips"
title="follow us on Instagram"><span>instagram</span></a></li>
+ <li><a href="#" class="icon-linkedin socialIcon tips"
title="follow us on Linkedin"><span>linkedin</span></a></li>
+ <li><a href="#" class="icon-pinterest-circled socialIcon
tips" title="follow us on Pinterest"><span>Pinterest</span></a></li>-->
</ul>
</nav>
</div>
@@ -141,13 +141,17 @@
<div class="tab-pane active" id="tabs-1">
<ul>
<li>
- <h2>OFBiz 18.12.05</h2>
- <a
href="https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-18.12.05.zip";
target="external" class="moreLink">→ Download</a>
+ <h2>OFBiz 18.12.06</h2>
+ <a
href="https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-18.12.06.zip";
target="external" class="moreLink">→ Download</a>
</li>
</ul>
</div>
<div class="tab-pane" id="tabs-2">
<ul>
+ <li>
+ <h2>OFBiz 18.12.06</h2>
+ <a href="release-notes-18.12.06.html"
class="moreLink">→ View</a>
+ </li>
<li>
<h2>OFBiz 18.12.05</h2>
<a href="release-notes-18.12.05.html"
class="moreLink">→ View</a>
@@ -196,6 +200,10 @@
<h2>OFBiz 17.12.03</h2>
<a href="release-notes-17.12.03.html"
class="moreLink">→ View</a>
</li>
+ <li>
+ <h2>OFBiz 17.12.02</h2>
+ <a href="release-notes-17.12.02.html"
class="moreLink">→ View</a>
+ </li>
<li>
<h2>OFBiz 17.12.01</h2>
<a href="release-notes-17.12.01.html"
class="moreLink">→ View</a>
@@ -220,10 +228,6 @@
<h2>OFBiz 16.11.03</h2>
<a href="release-notes-16.11.03.html"
class="moreLink">→ View</a>
</li>
- <li>
- <h2>OFBiz 16.11.02</h2>
- <a href="release-notes-16.11.02.html"
class="moreLink">→ View</a>
- </li>
<li>
<h2>OFBiz 16.11.01</h2>
<a href="release-notes-16.11.01.html"
class="moreLink">→ View</a>
@@ -264,14 +268,14 @@
<p>The history of security related fixes included in each release
is
available <a href="security.html">here</a></p>
- <h2>Apache OFBiz 18.12.05</h2>
+ <h2>Apache OFBiz 18.12.06</h2>
<div class="divider"><span></span></div>
- <p> Released on January 2022, this is the fifth release of the
18.12 series, that has been stabilized since December 2018.</p>
- <a
href="https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-18.12.05.zip";
target="external" >Download OFBiz 18.12.05</a>
- <a
href="https://downloads.apache.org/ofbiz/apache-ofbiz-18.12.05.zip.asc";
target="external">[PGP]</a>
- <a
href="https://downloads.apache.org/ofbiz/apache-ofbiz-18.12.05.zip.sha512";
target="external">[SHA512]</a>
+ <p> Released on September 2022, this is the sixth and final
release of the 18.12 series, that has been stabilized since December 2018.</p>
+ <a
href="https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-18.12.06.zip";
target="external" >Download OFBiz 18.12.05</a>
+ <a
href="https://downloads.apache.org/ofbiz/apache-ofbiz-18.12.06.zip.asc";
target="external">[PGP]</a>
+ <a
href="https://downloads.apache.org/ofbiz/apache-ofbiz-18.12.06.zip.sha512";
target="external">[SHA512]</a>
<a href="https://downloads.apache.org/ofbiz/KEYS";
target="external">[KEYS]</a>
- <a href="release-notes-18.12.05.html">[Release Notes]</a>
+ <a href="release-notes-18.12.06.html">[Release Notes]</a>
<p><strong>We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
secur...@ofbiz.apache.org or secur...@apache.org),
before disclosing them in a public forum. Please don't pack
several vulnerabilities in the same report, send them one by one, thanks in
advance.</strong></p>
@@ -353,7 +357,7 @@ available <a href="security.html">here</a></p>
<li><a
href="https://privacy.apache.org/policies/privacy-policy-public.html";
target="external">Privacy Policy</a></li>
<li><a href="https://www.apache.org/events/current-event";
target="external">Events</a></li>
<li><a href="https://www.apache.org/foundation/sponsorship.html";
target="external">Sponsorship</a>
- and <a
href="https://www.apache.org/foundation/contributing.html";
target="external">Donations</a>
+ and <a
href="https://www.apache.org/foundation/contributing.html";
target="external">Donations</a>
</li>
<li><a href="https://www.apache.org/foundation/thanks.html";
target="external">Thanks</a></li>
<li><a
href="https://ofbiz.apache.org/security.html";>Security</a></li>
diff --git a/download.html b/release-notes-18.12.06.html
similarity index 50%
copy from download.html
copy to release-notes-18.12.06.html
index 25b34ef..67bc40e 100644
--- a/download.html
+++ b/release-notes-18.12.06.html
@@ -6,7 +6,7 @@
<!--[if (gte IE 9)|!(IE)]><!-->
<head>
<meta charset="utf-8">
-<title>The Apache OFBiz® Project - Downloads</title>
+<title>The Apache OFBiz® Project - Release Notes 18.12.04</title>
<meta name="Description" content="OFBiz is an open source enterprise
automation software project licensed under the Apache License. It means you are
not alone and can work with many others." />
<meta name="Robots" content="index,follow" />
<!-- Mobile Specific Metas
@@ -82,7 +82,7 @@
</li>
<li><a href="#" class="firstLevel">Community</a>
<ul>
- <li><a href="getting-involved.html">Getting Involved</a></li>
+ <li><a href="getting-involved.html">Getting Involved</a></li>
<li><a href="mailing-lists.html">Mailing Lists</a></li>
<li><a href="source-repositories.html">Source
Repository</a></li>
<li><a href="download.html">Downloads</a></li>
@@ -91,18 +91,18 @@
</ul>
</li>
<li><a href="ofbiz-demos.html" class="firstLevel">Demos</a></li>
- <li>
- <a href="//twitter.com/ApacheOfbiz" class="icon-twitter-bird
socialIcon tips"
- target="external" title="follow us on
Twitter"><span>twitter</span></a>
- </li>
- <li><a href="//www.linkedin.com/company/apache-ofbiz/"
target="external" class="icon-linkedin socialIcon tips" title="follow us on
Linkedin"><span>linkedin</span></a></li>
- <li><a
href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal"
target="external" class="icon-facebook socialIcon tips" title="follow us on
Facebook"><span>facebook</span></a></li>
- <li><a href="//www.youtube.com/user/ofbiz" class="icon-play
socialIcon tips" target="external" title="follow us on
Youtube"><span>Youtube</span></a></li>
- <!--<li><a href="#" class="icon-rss socialIcon tips" title="Our rss
feed"><span>rss feed</span></a></li>
- <li><a href="#" class="icon-gplus socialIcon tips" title="follow us
on Google +"><span>google +</span></a></li>
- <li><a href="#" class="icon-instagram socialIcon tips"
title="follow us on Instagram"><span>instagram</span></a></li>
- <li><a href="#" class="icon-linkedin socialIcon tips" title="follow
us on Linkedin"><span>linkedin</span></a></li>
- <li><a href="#" class="icon-pinterest-circled socialIcon tips"
title="follow us on Pinterest"><span>Pinterest</span></a></li>-->
+ <li>
+ <a href="//twitter.com/ApacheOfbiz"
class="icon-twitter-bird socialIcon tips"
+ target="external" title="follow us on
Twitter"><span>twitter</span></a>
+ </li>
+ <li><a href="//www.linkedin.com/company/apache-ofbiz/"
target="external" class="icon-linkedin socialIcon tips" title="follow us on
Linkedin"><span>linkedin</span></a></li>
+ <li><a
href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal"
target="external" class="icon-facebook socialIcon tips" title="follow us on
Facebook"><span>facebook</span></a></li>
+ <li><a href="//www.youtube.com/user/ofbiz" class="icon-play
socialIcon tips" target="external" title="follow us on
Youtube"><span>Youtube</span></a></li>
+ <!--<li><a href="#" class="icon-rss socialIcon tips"
title="Our rss feed"><span>rss feed</span></a></li>
+ <li><a href="#" class="icon-gplus socialIcon tips"
title="follow us on Google +"><span>google +</span></a></li>
+ <li><a href="#" class="icon-instagram socialIcon tips"
title="follow us on Instagram"><span>instagram</span></a></li>
+ <li><a href="#" class="icon-linkedin socialIcon tips"
title="follow us on Linkedin"><span>linkedin</span></a></li>
+ <li><a href="#" class="icon-pinterest-circled socialIcon
tips" title="follow us on Pinterest"><span>Pinterest</span></a></li>-->
</ul>
</nav>
</div>
@@ -112,194 +112,138 @@
<!-- header -->
<!-- globalWrapper -->
<div id="globalWrapper">
-
-<!-- content -->
- <!-- page content -->
- <section id="content" class="sidebar">
+ <!-- page content -->
+ <section id="content" class="fullWidth">
<header class="headerPage">
<div class="container clearfix">
<div class="row">
- <h1 class="span8">Downloads</h1>
- <div class="span4" id="navTrail"> <a href="index.html"
class="homeLink">home</a><span>/</span><a href="#">Community</a><span>/</span>
<span class="current">Downloads</span> </div>
+ <h1 class="span8">Release Notes 18.12.06</h1>
+ <div class="span4" id="navTrail"> <a href="index.html"
class="homeLink">home</a><span>/</span><a
href="download.html">Download</a><span>/</span><span class="current">Release
Notes 18.12.06</span> </div>
</div>
</div>
</header>
- <div class="slice clearfix">
+ <section id="content" class="features" >
+ <div class="slice clearfix">
<div class="container">
- <div class="row">
- <!-- sidebar -->
- <aside class="span4" id="sidebar">
+<div class="row">
+ <div>
+ <p>Apache OFBiz® 18.12.06, released on September 2022, is the sixth and
final release of the 18.12 series, that has been stabilized since December
2018.</p>
- <section class="widget blogUpdates">
- <h2>Releases for Download</h2>
- <div class="divider"><span></span></div>
- <ul class="nav nav-tabs " id="myTab">
- <li class="active"><a href="#tabs-1"
data-toggle="tab">Downloads</a></li>
- <li><a href="#tabs-2" data-toggle="tab">Release Notes</a></li>
- </ul>
- <div class="tab-content">
- <div class="tab-pane active" id="tabs-1">
- <ul>
- <li>
- <h2>OFBiz 18.12.05</h2>
- <a
href="https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-18.12.05.zip";
target="external" class="moreLink">→ Download</a>
- </li>
- </ul>
- </div>
- <div class="tab-pane" id="tabs-2">
- <ul>
- <li>
- <h2>OFBiz 18.12.05</h2>
- <a href="release-notes-18.12.05.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 18.12.04</h2>
- <a href="release-notes-18.12.04.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 18.12.03</h2>
- <a href="release-notes-18.12.03.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 18.12.02</h2>
- <a href="release-notes-18.12.02.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 18.12.01</h2>
- <a href="release-notes-18.12.01.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 17.12.09</h2>
- <a href="release-notes-17.12.09.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 17.12.08</h2>
- <a href="release-notes-17.12.08.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 17.12.07</h2>
- <a href="release-notes-17.12.07.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 17.12.06</h2>
- <a href="release-notes-17.12.06.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 17.12.05</h2>
- <a href="release-notes-17.12.05.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 17.12.04</h2>
- <a href="release-notes-17.12.04.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 17.12.03</h2>
- <a href="release-notes-17.12.03.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 17.12.01</h2>
- <a href="release-notes-17.12.01.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 16.11.07</h2>
- <a href="release-notes-16.11.07.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 16.11.06</h2>
- <a href="release-notes-16.11.06.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 16.11.05</h2>
- <a href="release-notes-16.11.05.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 16.11.04</h2>
- <a href="release-notes-16.11.04.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 16.11.03</h2>
- <a href="release-notes-16.11.03.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 16.11.02</h2>
- <a href="release-notes-16.11.02.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 16.11.01</h2>
- <a href="release-notes-16.11.01.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 13.07.03</h2>
- <a href="release-notes-13.07.03.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 13.07.02</h2>
- <a href="release-notes-13.07.02.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 13.07.01</h2>
- <a href="release-notes-13.07.01.html"
class="moreLink">→ View</a>
- </li>
- <li>
- <h2>OFBiz 12.04.06</h2>
- <a href="release-notes-12.04.06.html"
class="moreLink">→ View</a>
- </li>
- </ul>
- </div>
- </div>
- </section>
- </aside>
- <!-- sidebar -->
- <div class="span8">
- <h2>Download Apache OFBiz</h2>
- <div class="divider"><span></span></div>
- <div class="imgWrapper"> <img src="images/Download.jpg" alt="image
fullwidth"> </div>
- <p> <strong> Use the links below to download Apache OFBiz releases
from the "Apache Download Mirrors" page. The download page also includes
instructions on how to verify the integrity of the release file using the
signature and hash (PGP, SHA512) available for each release. If you need more
information about why and how to verify the integrity of the release file <a
href="http://www.apache.org/info/verification.html"; class="moreLink">this
→ page is what you look for</a>< [...]
-
- <p> <strong> Then, to install OFBiz, follow the explanations in
the "INSTALL" file found in the just downloaded/extracted OFBiz main
directory.</strong> </p>
-
- <p> <strong>PLEASE NOTE:</strong> Despite our best efforts to
maintain up to three active release branches, support for older branches can
decrease because our project volunteers may be focused on other issues. We
recommend using releases from the most recent branch wherever possible. </p>
-
- <p><strong>NOTE: To minimize the risk of security vulnerabilities
the Apache OFBiz community highly recommends that all users upgrade to the
latest stable release.</strong></p>
- <p>The history of security related fixes included in each release
is
-available <a href="security.html">here</a></p>
-
- <h2>Apache OFBiz 18.12.05</h2>
- <div class="divider"><span></span></div>
- <p> Released on January 2022, this is the fifth release of the
18.12 series, that has been stabilized since December 2018.</p>
- <a
href="https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-18.12.05.zip";
target="external" >Download OFBiz 18.12.05</a>
- <a
href="https://downloads.apache.org/ofbiz/apache-ofbiz-18.12.05.zip.asc";
target="external">[PGP]</a>
- <a
href="https://downloads.apache.org/ofbiz/apache-ofbiz-18.12.05.zip.sha512";
target="external">[SHA512]</a>
- <a href="https://downloads.apache.org/ofbiz/KEYS";
target="external">[KEYS]</a>
- <a href="release-notes-18.12.05.html">[Release Notes]</a>
- <p><strong>We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
secur...@ofbiz.apache.org or secur...@apache.org),
- before disclosing them in a public forum. Please don't pack
several vulnerabilities in the same report, send them one by one, thanks in
advance.</strong></p>
+ Release Notes - OFBiz - Version 18.12.06
+
+<h2> Sub-task
+</h2>
+<ul>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-11407'>OFBIZ-11407</a>] -
Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-11948'>OFBIZ-11948</a>] -
Remote Code Execution (File Upload) Vulnerability
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12539'>OFBIZ-12539</a>] -
Upgrade Tomcat from 9.0.54 to 9.0.58
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12549'>OFBIZ-12549</a>] -
[SECURITY] CVE-2022-23437: Infinite loop within Apache XercesJ xml parser
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12558'>OFBIZ-12558</a>] -
Possible authenticated attack related to Tomcat CVE-2020-1938
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12573'>OFBIZ-12573</a>] -
CLONE - [SECURITY] Upgrade Tika to 1.28.1
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12582'>OFBIZ-12582</a>] -
Prevent post-Auth vulnerability: FreeMarker Bypass
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12584'>OFBIZ-12584</a>] -
Stored XSS in webappPath parameter from content/control/EditWebSite
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12592'>OFBIZ-12592</a>] -
Prevent possible DOS attack done using Java deserialisation
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12594'>OFBIZ-12594</a>] -
Prevent Freemarker interpolation in fields
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12626'>OFBIZ-12626</a>] -
[SECURITY] Upgrade Tika to 1.28.3
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12656'>OFBIZ-12656</a>] -
Update Solr and Lucene from 8.11.1 to 8.11.2 for security reason
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12657'>OFBIZ-12657</a>] -
[SECURITY] Upgrade Tika to 1.28.4
+</li>
+</ul>
+
+<h2> Bug
+</h2>
+<ul>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-11429'>OFBIZ-11429</a>] -
Setting VIEW-INDEX to 0, when not initialised in ForumScreens.xml#Showforum
"New Message" Link
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12097'>OFBIZ-12097</a>] -
Date picker not initialised in ajax-called form
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12178'>OFBIZ-12178</a>] -
ModelInduceFromDb does not show entity relations.
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12264'>OFBIZ-12264</a>] -
Multiple Facility Inventory reservation does not consider store facility
thru date
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12359'>OFBIZ-12359</a>] -
ProductFacility on ecommerce listing product issue
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12455'>OFBIZ-12455</a>] -
Product inventory reservation places orders if quantityNotReserved !=0 and
requireInventory=Y
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12466'>OFBIZ-12466</a>] -
Solr generates an error
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12478'>OFBIZ-12478</a>] -
Screen Xml renderer failed on renderContainer[Begin,End] ftl macro
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12485'>OFBIZ-12485</a>] -
AssetMaint not accessible by user with 'VIEW' permission
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12505'>OFBIZ-12505</a>] -
Wrong Field Name Definition in RequirementForms
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12548'>OFBIZ-12548</a>] -
placeholder text has been implemented but seems to do nothing
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12550'>OFBIZ-12550</a>] -
Manufacturing Jobshop find screen by default does not show all production
runs
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12552'>OFBIZ-12552</a>] -
View for ViewBinaryDataResource missing
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12555'>OFBIZ-12555</a>] -
default-field-type hidden doesn't works for auto-fields-service
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12571'>OFBIZ-12571</a>] -
Groovy denied list bypass causes post-auth RCE from
webtools/control/ProgramExport
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12595'>OFBIZ-12595</a>] -
Test run was unsuccessful because of failing solr tests
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12600'>OFBIZ-12600</a>] -
Solr requires application/x-www-form-urlencoded
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12602'>OFBIZ-12602</a>] -
XML Import fails due to security check
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12603'>OFBIZ-12603</a>] -
In place editor wrong enable on display field
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12618'>OFBIZ-12618</a>] -
German Translation - Inv. Nr.
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12619'>OFBIZ-12619</a>] -
Required field not working on upload type form
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12625'>OFBIZ-12625</a>] -
Webtools Service Logs ‘Service Name’ column always empty
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12635'>OFBIZ-12635</a>] -
Add missing notification tag in services xsd file
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12636'>OFBIZ-12636</a>] -
Unable to upload a file through ecommerce, but if i move the same menu to
Webtools,Its working.
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12685'>OFBIZ-12685</a>] -
Content tag in a screen does not display correctly images
+</li>
+</ul>
+
+<h2> Improvement
+</h2>
+<ul>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-6065'>OFBIZ-6065</a>] -
Data of tenant specific component gets loaded in all instances
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-6066'>OFBIZ-6066</a>] -
Tenant specific components are visible/accessible in any tenant instance
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12589'>OFBIZ-12589</a>] -
Update to Tomcat 9.0.60
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12590'>OFBIZ-12590</a>] -
Update to log4j 2.17.2
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12599'>OFBIZ-12599</a>] -
In UtilHttp, for regex processing of urls, replace Java regexp with RE2J
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12632'>OFBIZ-12632</a>] -
German Translation - Category
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12670'>OFBIZ-12670</a>] -
Make loading of data containing urls configurable
+</li>
+</ul>
- <p>Note that we no longer create CVEs for post-auth attacks done
using demo credentials, notably using the admin user.
- <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs
reports in our issue tracker (Jira) for that.</a><span style="color:red">
Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in
advance.</span></strong></p>
-
-
- <p>One of the reason we no longer create CVEs for post-auth
attacks done using demo credentials is because
- <a
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security";
target="external"> we highly suggest to OFBiz users to not use credentials demo
in production</a>
- and we expect OFBiz users to do so.
- <a
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure";
target="external"> We also warn our users on the "Keeping OFBiz secure wiki
page".</a>
- And finally, mostly we reject post-auth vulnerabilities because we
have a solid CSRF defense.</p>
-
-
- <h2>Earlier Releases</h2>
- <div class="divider"><span></span></div>
- <p>Older superseded releases of Apache OFBiz can be found in the
<a href="//archive.apache.org/dist/ofbiz/" target="external">Apache OFBiz
archive</a></p>
- <p>A description of each release in the history of OFBiz can be <a
href="//downloads.apache.org/ofbiz/" target="external">found here</a></p>
- </div>
- </div>
- </div>
- </div>
- </section>
-
-<!-- content -->
-<!-- footer -->
+ </div>
+</div>
+</div>
+</div>
+</section>
+</section><!-- footer -->
<footer class="footer1">
<div class="container" id="footer">
<div class="row">
@@ -353,7 +297,7 @@ available <a href="security.html">here</a></p>
<li><a
href="https://privacy.apache.org/policies/privacy-policy-public.html";
target="external">Privacy Policy</a></li>
<li><a href="https://www.apache.org/events/current-event";
target="external">Events</a></li>
<li><a href="https://www.apache.org/foundation/sponsorship.html";
target="external">Sponsorship</a>
- and <a
href="https://www.apache.org/foundation/contributing.html";
target="external">Donations</a>
+ and <a
href="https://www.apache.org/foundation/contributing.html";
target="external">Donations</a>
</li>
<li><a href="https://www.apache.org/foundation/thanks.html";
target="external">Thanks</a></li>
<li><a
href="https://ofbiz.apache.org/security.html";>Security</a></li>
diff --git a/template/page/download.tpl.php b/template/page/download.tpl.php
index 52071ef..01f5933 100644
--- a/template/page/download.tpl.php
+++ b/template/page/download.tpl.php
@@ -30,13 +30,17 @@
<div class="tab-pane active" id="tabs-1">
<ul>
<li>
- <h2>OFBiz 18.12.05</h2>
- <a
href="https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-18.12.05.zip";
target="external" class="moreLink">→ Download</a>
+ <h2>OFBiz 18.12.06</h2>
+ <a
href="https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-18.12.06.zip";
target="external" class="moreLink">→ Download</a>
</li>
</ul>
</div>
<div class="tab-pane" id="tabs-2">
<ul>
+ <li>
+ <h2>OFBiz 18.12.06</h2>
+ <a href="release-notes-18.12.06.html"
class="moreLink">→ View</a>
+ </li>
<li>
<h2>OFBiz 18.12.05</h2>
<a href="release-notes-18.12.05.html"
class="moreLink">→ View</a>
@@ -153,14 +157,14 @@
<p>The history of security related fixes included in each release
is
available <a href="security.html">here</a></p>
- <h2>Apache OFBiz 18.12.05</h2>
+ <h2>Apache OFBiz 18.12.06</h2>
<div class="divider"><span></span></div>
- <p> Released on January 2022, this is the fifth release of the
18.12 series, that has been stabilized since December 2018.</p>
- <a
href="https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-18.12.05.zip";
target="external" >Download OFBiz 18.12.05</a>
- <a
href="https://downloads.apache.org/ofbiz/apache-ofbiz-18.12.05.zip.asc";
target="external">[PGP]</a>
- <a
href="https://downloads.apache.org/ofbiz/apache-ofbiz-18.12.05.zip.sha512";
target="external">[SHA512]</a>
+ <p> Released on September 2022, this is the sixth and final
release of the 18.12 series, that has been stabilized since December 2018.</p>
+ <a
href="https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-18.12.06.zip";
target="external" >Download OFBiz 18.12.05</a>
+ <a
href="https://downloads.apache.org/ofbiz/apache-ofbiz-18.12.06.zip.asc";
target="external">[PGP]</a>
+ <a
href="https://downloads.apache.org/ofbiz/apache-ofbiz-18.12.06.zip.sha512";
target="external">[SHA512]</a>
<a href="https://downloads.apache.org/ofbiz/KEYS";
target="external">[KEYS]</a>
- <a href="release-notes-18.12.05.html">[Release Notes]</a>
+ <a href="release-notes-18.12.06.html">[Release Notes]</a>
<p><strong>We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
secur...@ofbiz.apache.org or secur...@apache.org),
before disclosing them in a public forum. Please don't pack
several vulnerabilities in the same report, send them one by one, thanks in
advance.</strong></p>
diff --git a/template/page/release-notes-18.12.06.tpl.php
b/template/page/release-notes-18.12.06.tpl.php
new file mode 100644
index 0000000..26cd075
--- /dev/null
+++ b/template/page/release-notes-18.12.06.tpl.php
@@ -0,0 +1,135 @@
+<?php //Variable declarations for region templates
+ $head_title = '<title>The Apache OFBiz® Project - Release Notes
18.12.04</title>';
+?>
+ <!-- page content -->
+ <section id="content" class="fullWidth">
+ <header class="headerPage">
+ <div class="container clearfix">
+ <div class="row">
+ <h1 class="span8">Release Notes 18.12.06</h1>
+ <div class="span4" id="navTrail"> <a href="index.html"
class="homeLink">home</a><span>/</span><a
href="download.html">Download</a><span>/</span><span class="current">Release
Notes 18.12.06</span> </div>
+ </div>
+ </div>
+ </header>
+ <section id="content" class="features" >
+ <div class="slice clearfix">
+ <div class="container">
+<div class="row">
+ <div>
+ <p>Apache OFBiz® 18.12.06, released on September 2022, is the sixth and
final release of the 18.12 series, that has been stabilized since December
2018.</p>
+
+
+
+ Release Notes - OFBiz - Version 18.12.06
+
+<h2> Sub-task
+</h2>
+<ul>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-11407'>OFBIZ-11407</a>] -
Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-11948'>OFBIZ-11948</a>] -
Remote Code Execution (File Upload) Vulnerability
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12539'>OFBIZ-12539</a>] -
Upgrade Tomcat from 9.0.54 to 9.0.58
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12549'>OFBIZ-12549</a>] -
[SECURITY] CVE-2022-23437: Infinite loop within Apache XercesJ xml parser
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12558'>OFBIZ-12558</a>] -
Possible authenticated attack related to Tomcat CVE-2020-1938
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12573'>OFBIZ-12573</a>] -
CLONE - [SECURITY] Upgrade Tika to 1.28.1
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12582'>OFBIZ-12582</a>] -
Prevent post-Auth vulnerability: FreeMarker Bypass
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12584'>OFBIZ-12584</a>] -
Stored XSS in webappPath parameter from content/control/EditWebSite
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12592'>OFBIZ-12592</a>] -
Prevent possible DOS attack done using Java deserialisation
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12594'>OFBIZ-12594</a>] -
Prevent Freemarker interpolation in fields
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12626'>OFBIZ-12626</a>] -
[SECURITY] Upgrade Tika to 1.28.3
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12656'>OFBIZ-12656</a>] -
Update Solr and Lucene from 8.11.1 to 8.11.2 for security reason
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12657'>OFBIZ-12657</a>] -
[SECURITY] Upgrade Tika to 1.28.4
+</li>
+</ul>
+
+<h2> Bug
+</h2>
+<ul>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-11429'>OFBIZ-11429</a>] -
Setting VIEW-INDEX to 0, when not initialised in ForumScreens.xml#Showforum
"New Message" Link
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12097'>OFBIZ-12097</a>] -
Date picker not initialised in ajax-called form
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12178'>OFBIZ-12178</a>] -
ModelInduceFromDb does not show entity relations.
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12264'>OFBIZ-12264</a>] -
Multiple Facility Inventory reservation does not consider store facility
thru date
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12359'>OFBIZ-12359</a>] -
ProductFacility on ecommerce listing product issue
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12455'>OFBIZ-12455</a>] -
Product inventory reservation places orders if quantityNotReserved !=0 and
requireInventory=Y
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12466'>OFBIZ-12466</a>] -
Solr generates an error
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12478'>OFBIZ-12478</a>] -
Screen Xml renderer failed on renderContainer[Begin,End] ftl macro
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12485'>OFBIZ-12485</a>] -
AssetMaint not accessible by user with 'VIEW' permission
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12505'>OFBIZ-12505</a>] -
Wrong Field Name Definition in RequirementForms
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12548'>OFBIZ-12548</a>] -
placeholder text has been implemented but seems to do nothing
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12550'>OFBIZ-12550</a>] -
Manufacturing Jobshop find screen by default does not show all production
runs
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12552'>OFBIZ-12552</a>] -
View for ViewBinaryDataResource missing
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12555'>OFBIZ-12555</a>] -
default-field-type hidden doesn't works for auto-fields-service
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12571'>OFBIZ-12571</a>] -
Groovy denied list bypass causes post-auth RCE from
webtools/control/ProgramExport
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12595'>OFBIZ-12595</a>] -
Test run was unsuccessful because of failing solr tests
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12600'>OFBIZ-12600</a>] -
Solr requires application/x-www-form-urlencoded
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12602'>OFBIZ-12602</a>] -
XML Import fails due to security check
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12603'>OFBIZ-12603</a>] -
In place editor wrong enable on display field
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12618'>OFBIZ-12618</a>] -
German Translation - Inv. Nr.
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12619'>OFBIZ-12619</a>] -
Required field not working on upload type form
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12625'>OFBIZ-12625</a>] -
Webtools Service Logs ‘Service Name’ column always empty
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12635'>OFBIZ-12635</a>] -
Add missing notification tag in services xsd file
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12636'>OFBIZ-12636</a>] -
Unable to upload a file through ecommerce, but if i move the same menu to
Webtools,Its working.
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12685'>OFBIZ-12685</a>] -
Content tag in a screen does not display correctly images
+</li>
+</ul>
+
+<h2> Improvement
+</h2>
+<ul>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-6065'>OFBIZ-6065</a>] -
Data of tenant specific component gets loaded in all instances
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-6066'>OFBIZ-6066</a>] -
Tenant specific components are visible/accessible in any tenant instance
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12589'>OFBIZ-12589</a>] -
Update to Tomcat 9.0.60
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12590'>OFBIZ-12590</a>] -
Update to log4j 2.17.2
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12599'>OFBIZ-12599</a>] -
In UtilHttp, for regex processing of urls, replace Java regexp with RE2J
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12632'>OFBIZ-12632</a>] -
German Translation - Category
+</li>
+<li>[<a
href='https://issues.apache.org/jira/browse/OFBIZ-12670'>OFBIZ-12670</a>] -
Make loading of data containing urls configurable
+</li>
+</ul>
+
+ </div>
+</div>
+</div>
+</div>
+</section>
+</section>
\ No newline at end of file
