This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push: new a7ab7e2 Improved: a7ab7e2 is described below commit a7ab7e24a87c12d96a54ad679c6c4307268c8d5f Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Mon Dec 4 22:03:03 2023 +0100 Improved: Adds "[CVE-2022-47501] Arbitrary file reading vulnerability in Solr" to 18.12.09 "Remove deprecated Apache XML-RPC related code (CVE-2023-49070)" to 18.12.10 CVE-2023-49070 to security --- release-notes-18.12.09.html | 6 ++++-- release-notes-18.12.10.html | 9 ++++++--- security.html | 1 + template/page/release-notes-18.12.09.tpl.php | 6 ++++-- template/page/release-notes-18.12.10.tpl.php | 9 ++++++--- template/page/security.tpl.php | 1 + 6 files changed, 22 insertions(+), 10 deletions(-) diff --git a/release-notes-18.12.09.html b/release-notes-18.12.09.html index 3114f22..c8020eb 100644 --- a/release-notes-18.12.09.html +++ b/release-notes-18.12.09.html @@ -130,10 +130,12 @@ <p>Apache OFBiz® 18.12.09, released on November 2023, is the ninth release of the 18.12 series, that has been stabilized since December 2018.</p> Release Notes - OFBiz - Version 18.12.09 - + <h2> Sub-task </h2> <ul> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12792'>OFBIZ-12792</a>] - [SECURITY] [CVE-2022-47501] Arbitrary file reading vulnerability in Solr +</li> <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12831'>OFBIZ-12831</a>] - [SECURITY] CVE-2023-34981 Apache Tomcat </li> <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12839'>OFBIZ-12839</a>] - [CVE-2023-34478] Apache Shiro, before 1.12.0, is susceptible to a path traversal attack @@ -143,7 +145,7 @@ <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12860'>OFBIZ-12860</a>] - [SECURITY] Several CVEs in Apache Tomcat </li> </ul> - + <h2> Bug </h2> <ul> diff --git a/release-notes-18.12.10.html b/release-notes-18.12.10.html index 54e8e5f..1ebde55 100644 --- a/release-notes-18.12.10.html +++ b/release-notes-18.12.10.html 
@@ -130,14 +130,17 @@ <p>Apache OFBiz® 18.12.10, released on December 2023, is the tenth release of the 18.12 series, that has been stabilized since December 2018.</p> Release Notes - OFBiz - Version 18.12.10 - + <h2> Sub-task </h2> <ul> -<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12866'>OFBIZ-12866</a>] - Upgrade Apache Shiro to 1.13.0 to fix CVE-2023-46750 +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12812'>OFBIZ-12812</a>] - [SECURITY] Remove deprecated Apache XML-RPC related code (CVE-2023-49070) +</li> +<ul> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12866'>OFBIZ-12866</a>] - [SECURITY] Upgrade Apache Shiro to 1.13.0 to fix CVE-2023-46750 </li> </ul> - + <h2> Task </h2> <ul> diff --git a/security.html b/security.html index df7498f..d73007e 100644 --- a/security.html +++ b/security.html 
@@ -146,6 +146,7 @@ <h3>List of Known Vulnerabilities</h3> <ul class="iconsList"> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49070" target="external">CVE-2023-49070</a>; affected release 18.12.09; fixed in 18.12.10 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=c59336f604" target="external">c59336f604</a></li> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46819" target="external">CVE-2023-46819</a>; affected release 18.12.08; fixed in 18.12.09 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=998bf510a" target="external">998bf510a</a></li> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25371" target="external">CVE-2022-25371</a>; affected release 18.12.07; fixed in 18.12.08 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/41ff12cf8" target="external">41ff12cf8</a></li> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501" target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed in 18.12.07 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/582add7d3" target="external">582add7d3</a></li> diff --git a/template/page/release-notes-18.12.09.tpl.php b/template/page/release-notes-18.12.09.tpl.php index 8c42bd7..1d86dd8 100644 --- a/template/page/release-notes-18.12.09.tpl.php +++ b/template/page/release-notes-18.12.09.tpl.php 
@@ -19,10 +19,12 @@ <p>Apache OFBiz® 18.12.09, released on November 2023, is the ninth release of the 18.12 series, that has been stabilized since December 2018.</p> Release Notes - OFBiz - Version 18.12.09 - + <h2> Sub-task </h2> <ul> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12792'>OFBIZ-12792</a>] - [SECURITY] [CVE-2022-47501] Arbitrary file reading vulnerability in Solr +</li> <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12831'>OFBIZ-12831</a>] - [SECURITY] CVE-2023-34981 Apache Tomcat </li> <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12839'>OFBIZ-12839</a>] - [CVE-2023-34478] Apache Shiro, before 1.12.0, is susceptible to a path traversal attack @@ -32,7 +34,7 @@ <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12860'>OFBIZ-12860</a>] - [SECURITY] Several CVEs in Apache Tomcat </li> </ul> - + <h2> Bug </h2> <ul> diff --git a/template/page/release-notes-18.12.10.tpl.php b/template/page/release-notes-18.12.10.tpl.php index 6fb11f5..e77d9c2 100644 --- a/template/page/release-notes-18.12.10.tpl.php +++ b/template/page/release-notes-18.12.10.tpl.php @@ -19,14 +19,17 @@ <p>Apache OFBiz® 18.12.10, released on December 2023, is the tenth release of the 18.12 series, that has been stabilized since December 2018.</p> Release Notes - OFBiz - Version 18.12.10 - + <h2> Sub-task </h2> <ul> -<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12866'>OFBIZ-12866</a>] - Upgrade Apache Shiro to 1.13.0 to fix CVE-2023-46750 +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12812'>OFBIZ-12812</a>] - [SECURITY] Remove deprecated Apache XML-RPC related code (CVE-2023-49070) +</li> +<ul> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12866'>OFBIZ-12866</a>] - [SECURITY] Upgrade Apache Shiro to 1.13.0 to fix CVE-2023-46750 </li> </ul> - + <h2> Task </h2> <ul> diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php index 7c6cfaf..e9a5bb2 100644 --- a/template/page/security.tpl.php 
+++ b/template/page/security.tpl.php @@ -35,6 +35,7 @@ <h3>List of Known Vulnerabilities</h3> <ul class="iconsList"> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49070" target="external">CVE-2023-49070</a>; affected release 18.12.09; fixed in 18.12.10 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=c59336f604" target="external">c59336f604</a></li> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46819" target="external">CVE-2023-46819</a>; affected release 18.12.08; fixed in 18.12.09 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=998bf510a" target="external">998bf510a</a></li> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501" target="external">CVE-2022-47501</a>; affected release 18.12.07; fixed in 18.12.08 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/41ff12cf8" target="external">41ff12cf8</a></li> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47501" target="external">CVE-2022-47501</a>; affected releases before 18.12.07; fixed in 18.12.07 with commit <a href="https://github.com/apache/ofbiz-plugins/commit/582add7d3" target="external">582add7d3</a></li>
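Review bot: In the release-notes-18.12.10.html hunk, the added `+<ul>` line opens a second, nested `<ul>` immediately after `+</li>`, and nothing closes it: the existing `</ul>` now closes the inner list and the outer Sub-task list is left open when `<h2> Task </h2>` follows. Drop the `+<ul>` line so the OFBIZ-12812 and OFBIZ-12866 items sit in the same list. The same stray `+<ul>` is in the template/page/release-notes-18.12.10.tpl.php hunk, which is where the fix belongs since the .html is generated from the template.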
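Review bot: In the template/page/security.tpl.php hunk, the context lines show two entries labelled CVE-2022-47501 (one "affected release 18.12.07; fixed in 18.12.08 with commit 41ff12cf8", one "affected releases before 18.12.07; fixed in 18.12.07 with commit 582add7d3"), whereas the matching line in the security.html hunk reads CVE-2022-25371 for the 41ff12cf8 entry. The template and the generated page have drifted; the template should be corrected to CVE-2022-25371 so the next regeneration does not overwrite the correct HTML.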
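Review bot: In the release-notes-18.12.09.html hunk, the new OFBIZ-12792 entry lists CVE-2022-47501 under 18.12.09, while the security.html hunk in the same patch states that CVE-2022-47501 "affected releases before 18.12.07; fixed in 18.12.07". If 18.12.09 contains a follow-up to the original fix, the release-notes entry should say so; otherwise one of the two pages needs correcting so readers checking exposure do not get contradictory fix versions.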