This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push:
new 997ae23 [SECURITY] (CVE-2024-36104) Path traversal leading to RCE
(OFBIZ-13092)
997ae23 is described below
commit 997ae230701670320349a703ce9df301e64ee6ea
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Mon Jun 3 09:23:52 2024 +0200
[SECURITY] (CVE-2024-36104) Path traversal leading to RCE (OFBIZ-13092)
Also removes remaining commented out social networks information
---
business-users.html | 22 ----------------------
release-notes-18.12.14.html | 22 ----------------------
security.html | 1 +
template/page/security.tpl.php | 1 +
user-stories.html | 22 ----------------------
5 files changed, 2 insertions(+), 66 deletions(-)
diff --git a/business-users.html b/business-users.html
index 0380870..4fe5aea 100644
--- a/business-users.html
+++ b/business-users.html
@@ -56,7 +56,6 @@
</li>
<li><a href="#" class="firstLevel">News</a>
<ul>
- <li><a href="//twitter.com/apacheofbiz"
target="external">Twitter</a></li>
<li><a href="//blogs.apache.org/ofbiz/" target="external"
class="last">Blog</a></li>
</ul>
</li>
@@ -317,27 +316,6 @@
<div class="container" id="footer">
<div class="row">
<div class="span6 timelineWidget">
- <!--
- <h2>Latest tweets</h2>
- <div class="divider"><span></span></div>
- <ul class="socialNetwork nav">
- <li>
- <a href="//twitter.com/ApacheOfbiz" class="icon-twitter-bird
socialIcon tips"
- target="external" title="follow us on
Twitter"><span>twitter</span></a>
- </li>
- <li><a href="//www.youtube.com/user/ofbiz" class="icon-play
socialIcon tips" title="follow us on Youtube"><span>Youtube</span></a></li>
- <li><a
href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal"
class="icon-facebook socialIcon tips" title="follow us on
Facebook"><span>facebook</span></a></li>
- <li><a href="#" class="icon-rss socialIcon tips" title="Our rss
feed"><span>rss feed</span></a></li>
- <li><a href="#" class="icon-gplus socialIcon tips" title="follow us
on Google +"><span>google +</span></a></li>
- <li><a href="#" class="icon-instagram socialIcon tips"
title="follow us on Instagram"><span>instagram</span></a></li>
- <li><a href="#" class="icon-linkedin socialIcon tips" title="follow
us on Linkedin"><span>linkedin</span></a></li>
- <li><a href="#" class="icon-pinterest-circled socialIcon tips"
title="follow us on Pinterest"><span>Pinterest</span></a></li>
- </ul>
- <div id="twitterFrame"> <a class="twitter-timeline"
href="//twitter.com/ApacheOfbiz?height=250" data-widget-id="588661945194192896"
data-tweet-limit="2" data-theme="dark" data-chrome="nofooter noheader
transparent" >Tweets by @ApacheOfbiz</a>
- <script>!function(d,s,id){var
js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+"://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
- </div>
- -->
-
</div>
<div class="span3 contactWidget">
<h2>Contact Community</h2>
diff --git a/release-notes-18.12.14.html b/release-notes-18.12.14.html
index 2807157..c416663 100644
--- a/release-notes-18.12.14.html
+++ b/release-notes-18.12.14.html
@@ -56,7 +56,6 @@
</li>
<li><a href="#" class="firstLevel">News</a>
<ul>
- <li><a href="//twitter.com/apacheofbiz"
target="external">Twitter</a></li>
<li><a href="//blogs.apache.org/ofbiz/" target="external"
class="last">Blog</a></li>
</ul>
</li>
@@ -159,27 +158,6 @@
<div class="container" id="footer">
<div class="row">
<div class="span6 timelineWidget">
- <!--
- <h2>Latest tweets</h2>
- <div class="divider"><span></span></div>
- <ul class="socialNetwork nav">
- <li>
- <a href="//twitter.com/ApacheOfbiz" class="icon-twitter-bird
socialIcon tips"
- target="external" title="follow us on
Twitter"><span>twitter</span></a>
- </li>
- <li><a href="//www.youtube.com/user/ofbiz" class="icon-play
socialIcon tips" title="follow us on Youtube"><span>Youtube</span></a></li>
- <li><a
href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal"
class="icon-facebook socialIcon tips" title="follow us on
Facebook"><span>facebook</span></a></li>
- <li><a href="#" class="icon-rss socialIcon tips" title="Our rss
feed"><span>rss feed</span></a></li>
- <li><a href="#" class="icon-gplus socialIcon tips" title="follow us
on Google +"><span>google +</span></a></li>
- <li><a href="#" class="icon-instagram socialIcon tips"
title="follow us on Instagram"><span>instagram</span></a></li>
- <li><a href="#" class="icon-linkedin socialIcon tips" title="follow
us on Linkedin"><span>linkedin</span></a></li>
- <li><a href="#" class="icon-pinterest-circled socialIcon tips"
title="follow us on Pinterest"><span>Pinterest</span></a></li>
- </ul>
- <div id="twitterFrame"> <a class="twitter-timeline"
href="//twitter.com/ApacheOfbiz?height=250" data-widget-id="588661945194192896"
data-tweet-limit="2" data-theme="dark" data-chrome="nofooter noheader
transparent" >Tweets by @ApacheOfbiz</a>
- <script>!function(d,s,id){var
js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+"://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
- </div>
- -->
-
</div>
<div class="span3 contactWidget">
<h2>Contact Community</h2>
diff --git a/security.html b/security.html
index e97e3d7..22c9470 100644
--- a/security.html
+++ b/security.html
@@ -133,6 +133,7 @@
<h3>List of Known Vulnerabilities</h3>
<ul class="iconsList">
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36104"
target="external">CVE-2024-36104</a>; affected releases before 18.12.14; fixed
in 18.12.14 with commits <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=d33ce31012";
target="external">d33ce31012</a>, <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=474e806816";
target="external">474e806816</a></li>
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32113"
target="external">CVE-2024-32113</a>; affected releases before 18.12.13; fixed
in 18.12.13 with commits <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=b3b87d98dd";
target="external">b3b87d98dd</a>, <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ff316b6e22";
target="external">ff316b6e22</a></li>
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23946"
target="external">CVE-2024-23946</a>; affected releases before 18.12.12; fixed
in 18.12.12 with commits <a
href="https://github.com/apache/ofbiz-framework/commit/b1cf4ef3e1";
target="external">b1cf4ef3e1</a>, <a
href="https://github.com/apache/ofbiz-framework/commit/93f8a58419";
target="external">93f8a58419</a>, <a
href="https://github.com/apache/ofbiz-framework/commit/c910e413ba"; [...]
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25065"
target="external">CVE-2024-25065</a>; affected releases before 18.12.12; fixed
in 18.12.12 with commit <a
href="https://github.com/apache/ofbiz-framework/commit/b91a9b7f26";
target="external">b91a9b7f26</a></li>
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 4c16bee..82bc857 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -34,6 +34,7 @@
<h3>List of Known Vulnerabilities</h3>
<ul class="iconsList">
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36104"
target="external">CVE-2024-36104</a>; affected releases before 18.12.14; fixed
in 18.12.14 with commits <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=d33ce31012";
target="external">d33ce31012</a>, <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=474e806816";
target="external">474e806816</a></li>
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32113"
target="external">CVE-2024-32113</a>; affected releases before 18.12.13; fixed
in 18.12.13 with commits <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=b3b87d98dd";
target="external">b3b87d98dd</a>, <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ff316b6e22";
target="external">ff316b6e22</a></li>
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23946"
target="external">CVE-2024-23946</a>; affected releases before 18.12.12; fixed
in 18.12.12 with commits <a
href="https://github.com/apache/ofbiz-framework/commit/b1cf4ef3e1";
target="external">b1cf4ef3e1</a>, <a
href="https://github.com/apache/ofbiz-framework/commit/93f8a58419";
target="external">93f8a58419</a>, <a
href="https://github.com/apache/ofbiz-framework/commit/c910e413ba"; [...]
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25065"
target="external">CVE-2024-25065</a>; affected releases before 18.12.12; fixed
in 18.12.12 with commit <a
href="https://github.com/apache/ofbiz-framework/commit/b91a9b7f26";
target="external">b91a9b7f26</a></li>
diff --git a/user-stories.html b/user-stories.html
index 4a298f3..9baa36b 100644
--- a/user-stories.html
+++ b/user-stories.html
@@ -56,7 +56,6 @@
</li>
<li><a href="#" class="firstLevel">News</a>
<ul>
- <li><a href="//twitter.com/apacheofbiz"
target="external">Twitter</a></li>
<li><a href="//blogs.apache.org/ofbiz/" target="external"
class="last">Blog</a></li>
</ul>
</li>
@@ -176,27 +175,6 @@
<div class="container" id="footer">
<div class="row">
<div class="span6 timelineWidget">
- <!--
- <h2>Latest tweets</h2>
- <div class="divider"><span></span></div>
- <ul class="socialNetwork nav">
- <li>
- <a href="//twitter.com/ApacheOfbiz" class="icon-twitter-bird
socialIcon tips"
- target="external" title="follow us on
Twitter"><span>twitter</span></a>
- </li>
- <li><a href="//www.youtube.com/user/ofbiz" class="icon-play
socialIcon tips" title="follow us on Youtube"><span>Youtube</span></a></li>
- <li><a
href="//www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal"
class="icon-facebook socialIcon tips" title="follow us on
Facebook"><span>facebook</span></a></li>
- <li><a href="#" class="icon-rss socialIcon tips" title="Our rss
feed"><span>rss feed</span></a></li>
- <li><a href="#" class="icon-gplus socialIcon tips" title="follow us
on Google +"><span>google +</span></a></li>
- <li><a href="#" class="icon-instagram socialIcon tips"
title="follow us on Instagram"><span>instagram</span></a></li>
- <li><a href="#" class="icon-linkedin socialIcon tips" title="follow
us on Linkedin"><span>linkedin</span></a></li>
- <li><a href="#" class="icon-pinterest-circled socialIcon tips"
title="follow us on Pinterest"><span>Pinterest</span></a></li>
- </ul>
- <div id="twitterFrame"> <a class="twitter-timeline"
href="//twitter.com/ApacheOfbiz?height=250" data-widget-id="588661945194192896"
data-tweet-limit="2" data-theme="dark" data-chrome="nofooter noheader
transparent" >Tweets by @ApacheOfbiz</a>
- <script>!function(d,s,id){var
js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+"://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
- </div>
- -->
-
</div>
<div class="span3 contactWidget">
<h2>Contact Community</h2>
