This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release22.01 in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
The following commit(s) were added to refs/heads/release22.01 by this push: new 9e8fdc874 Fixed: Disable the Birt component in all branches (including trunk) because of CVE-2022-25371 (OFBIZ-12824) 9e8fdc874 is described below commit 9e8fdc874cf2abf15ef4b78165cf7b2bbf0125ec Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Thu May 25 14:45:59 2023 +0200 Fixed: Disable the Birt component in all branches (including trunk) because of CVE-2022-25371 (OFBIZ-12824) See https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq No patches were provided because only 18.12.06 was concerned so far --- birt/ofbiz-component.xml | 8 ++++++-- birt/src/docs/asciidoc/birt.adoc | 7 +++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/birt/ofbiz-component.xml b/birt/ofbiz-component.xml index 5e58dec61..7780467b0 100644 --- a/birt/ofbiz-component.xml +++ b/birt/ofbiz-component.xml @@ -18,7 +18,11 @@ specific language governing permissions and limitations under the License. --> -<ofbiz-component name="birt" enabled="true" +<!-- + Warning: before you enable this component please read: +https://cwiki.apache.org/confluence/display/OFBIZ/Using+BIRT+with+OFBiz +--> +<ofbiz-component name="birt" enabled="false" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://ofbiz.apache.org/dtds/ofbiz-component.xsd"> <resource-loader name="main" type="component"/> @@ -40,7 +44,7 @@ under the License. <entity-resource type="model" reader-name="main" loader="main" location="entitydef/ServiceReportsView.xml"/> <service-resource type="model" loader="main" location="servicedef/services.xml"/> - + <!-- this overrides the accounting, facility and order applications in order to use Birt in these applications --> <webapp name="accounting" title="Accounting" diff --git a/birt/src/docs/asciidoc/birt.adoc b/birt/src/docs/asciidoc/birt.adoc index 8c347472d..b5851b5fb 100644 --- a/birt/src/docs/asciidoc/birt.adoc 
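Review bot: The warning comment added above `<ofbiz-component name="birt" enabled="false"` carries only a wiki link, so the descriptor itself never says why the component is switched off. I would name the advisory and ticket from the commit message in that comment, e.g. `Disabled by default because of CVE-2022-25371 (OFBIZ-12824); before you enable this component please read:`, so the reason survives if the wiki page moves and a search for the CVE id finds this switch. The same descriptor declares the webapps that override accounting, facility and order (visible in the second hunk's context), so the comment could also say that those overrides are presumably not loaded while the component is disabled, which an operator should confirm after upgrading. The `ofbiz-component` element continues outside the hunk.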
+++ b/birt/src/docs/asciidoc/birt.adoc
@@ -18,6 +18,13 @@ under the License.
 ////
 = Birt OFBiz® plugin
 The Apache OFBiz Project
+
+[CAUTION]
+====
+By default the Birt plugin is disabled for security reason, see the Birt ofbiz-component.xml file for more info.
+
+====
+
 ifdef::backend-pdf[]
 :title-logo-image: image::images/OFBiz-Logo.svg[Apache OFBiz Logo, pdfwidth=4.25in, align=center]
 :source-highlighter: rouge