This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release24.09
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release24.09 by this push:
new f6e9e95488 Fixed: [SECURITY] (CVE-2024-36104) Path traversal leading
to RCE (OFBIZ-13092)
f6e9e95488 is described below
commit f6e9e954884c167153f21e56678e7cd1545ab607
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Fri Jan 17 11:20:46 2025 +0100
Fixed: [SECURITY] (CVE-2024-36104) Path traversal leading to RCE
(OFBIZ-13092)
Fixes an import issue while backporting
StringUtil::splitWithStringSeparator.
---
framework/base/src/main/java/org/apache/ofbiz/base/util/StringUtil.java | 1 +
1 file changed, 1 insertion(+)
diff --git
a/framework/base/src/main/java/org/apache/ofbiz/base/util/StringUtil.java
b/framework/base/src/main/java/org/apache/ofbiz/base/util/StringUtil.java
index 86f3b0c6e7..b5cc4b03a6 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/StringUtil.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/StringUtil.java
@@ -20,6 +20,7 @@ package org.apache.ofbiz.base.util;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
+import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
