This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
The following commit(s) were added to refs/heads/release18.12 by this push:
new 41ff12cf8 Fixed: Disable the Birt component in all branches (including
trunk) because of CVE-2022-25371 (OFBIZ-12824)
41ff12cf8 is described below
commit 41ff12cf803a76c79456317fdb029325689ed819
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Thu May 25 14:45:59 2023 +0200
Fixed: Disable the Birt component in all branches (including trunk) because
of CVE-2022-25371 (OFBIZ-12824)
See https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq
No patches were provided because only 18.12.06 was concerned so far
Conflicts handled by hand birt/src/docs/asciidoc/birt.adoc
---
birt/ofbiz-component.xml | 8 ++++++--
birt/src/docs/asciidoc/birt.adoc | 9 ++++++++-
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/birt/ofbiz-component.xml b/birt/ofbiz-component.xml
index 36b106a4d..c9aa0f364 100644
--- a/birt/ofbiz-component.xml
+++ b/birt/ofbiz-component.xml
@@ -18,7 +18,11 @@ specific language governing permissions and limitations
under the License.
-->
-<ofbiz-component name="birt" enabled="true"
+<!--
+ Warning: before you enable this component please read:
+https://cwiki.apache.org/confluence/display/OFBIZ/Using+BIRT+with+OFBiz
+-->
+<ofbiz-component name="birt" enabled="false"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:noNamespaceSchemaLocation="https://ofbiz.apache.org/dtds/ofbiz-component.xsd";>
<resource-loader name="main" type="component"/>
@@ -42,7 +46,7 @@ under the License.
<entity-resource type="model" reader-name="main" loader="main"
location="entitydef/ServiceReportsView.xml"/>
<service-resource type="model" loader="main"
location="servicedef/services.xml"/>
-
+
<!-- this overrides the accounting, facility and order applications in
order to use Birt in these applications -->
<webapp name="accounting"
title="Accounting"
diff --git a/birt/src/docs/asciidoc/birt.adoc b/birt/src/docs/asciidoc/birt.adoc
index e556caa86..3d9a38cba 100644
--- a/birt/src/docs/asciidoc/birt.adoc
+++ b/birt/src/docs/asciidoc/birt.adoc
@@ -18,7 +18,14 @@ under the License.
////
= Birt Apache OFBiz® plugin
The Apache OFBiz Project
-Release 17.12
+
+
+[CAUTION]
+====
+By default the Birt plugin is disabled for security reason, see the Birt
ofbiz-component.xml file for more info.
+
+====
+
:imagesdir: ./images
ifdef::backend-pdf[]
:title-logo-image: image::OFBiz-Logo.svg[Apache OFBiz Logo, pdfwidth=4.25in,
align=center]
