This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push: new 0ba6a540c0 Improved: Prevent URL parameters manipulation (OFBIZ-13147) 0ba6a540c0 is described below commit 0ba6a540c0f8618e75cff0f377ce96cecea70310 Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Wed Nov 20 12:07:45 2024 +0100 Improved: Prevent URL parameters manipulation (OFBIZ-13147) We need only 1 allowedToken
---
 framework/security/config/security.properties | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties
index 8178422912..0dd78172a1 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -279,7 +279,7 @@ deniedWebShellTokens=$SHA$OFBiz$c_93W08vqLMlJHjOZ7_A6Wcaenw,$SHA$OFBiz$SigPYIfwa
 #-- SHA-1 versions of tokens containing (as String) at least one deniedWebShellTokens
 #-- This is notably used to allow special values in query parameters.
 #-- If you add a token beware that it does not content ",". It's the separator.
-allowedTokens=$SHA$OFBiz$EP-l2t4A_60cRYYnEqEaSiDjfrs,$SHA$OFBiz$JG1RWjLnFzQOpNRUqllybbbfyOE
+allowedTokens=$SHA$OFBiz$488OJhFI6NUQlvuqRVFHq6_KN8w
 allowStringConcatenationInUploadedFiles=false
@@ -326,4 +326,4 @@ Content-Security-Policy=Content-Security-Policy-Report-Only
 PolicyDirectives=default-src 'self'
 #-- Give the size of shortener path when the functionality to shorter the url is used
-path.shortener.size=10
\ No newline at end of file
+path.shortener.size=10
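Review bot: The new `allowedTokens` value in the first hunk is an opaque hash with nothing beside it saying which query-parameter value it exempts from the `deniedWebShellTokens` check, so a reader cannot confirm that the allow-list was narrowed rather than merely changed; neither of the two removed hashes is kept, and the commit message says only that one token is needed. Because every entry on this line is an exception to the web-shell filter, I would add a comment above the property naming the purpose of the entry and how the hash is produced, for example `#-- Single entry: <purpose of the exempted parameter value>; hash generated with <documented procedure>`. Deployments that override this property with the old pair would presumably need the same change, which deserves a line in the upgrade notes. The context comment just above also reads "does not content", which should be "does not contain".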