This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git


The following commit(s) were added to refs/heads/master by this push:
     new ab536e0  Fixed: [CVE-2025-30676] Only accept right URLs as referrer (OFBIZ-13219)
ab536e0 is described below

commit ab536e0a562931b9a567a8153633bdbdc8d9bb7d
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Wed Apr 2 07:09:01 2025 +0200

    Fixed: [CVE-2025-30676] Only accept right URLs as referrer (OFBIZ-13219)
    
    Completes previous commit by Nicolas that was missing the 2nd OFBIZ-13219
    commit to fix VisitDetail.ftl and concerned all before 18.12.19 (not only
    between 18.12.18 and 18.12.19)
    
    Conflicts handled by hand
---
 security.html                  | 2 +-
 template/page/security.tpl.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/security.html b/security.html
index 76cfc91..67cb24d 100644
--- a/security.html
+++ b/security.html
@@ -141,7 +141,7 @@
 
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
-                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30676" 
target="external">CVE-2025-30676</a>; affected OFBiz between releases 18.12.18 
and 18.12.19; fixed in 18.12.19 with commits <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e7b7ae0eaa"; 
target="external">e7b7ae0eaa</a></li>
+                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30676" 
target="external">CVE-2025-30676</a>; affected releases before 18.12.19; fixed 
in 18.12.19 with commits <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ddfe3727b1"; 
target="external">ddfe3727b1</a>, <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e7b7ae0eaa"; 
target="external">e7b7ae0eaa</a></li>
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26865" 
target="external">CVE-2025-26865</a>; affected OFBiz between releases 18.12.17 
and 18.12.18; fixed in 18.12.18 with commits <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=5c725123d2"; 
target="external">5c725123d2</a>, <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e663c6c1e9"; 
target="external">e663c6c1e9</a>, <a href="https://gitbox.apa [...]
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48962" 
target="external">CVE-2024-48962</a>; affected releases before 18.12.17; fixed 
in 18.12.17 with commit <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=761fb67d7f"; 
target="external">761fb67d7f</a></li>
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47208" 
target="external">CVE-2024-47208</a>; affected releases before 18.12.17; fixed 
in 18.12.17 with commit <a 
href="https://github.com/apache/ofbiz-framework/commit/f044a7e5bf"; 
target="external">f044a7e5bf</a></li>
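
Review bot: On the added CVE-2025-30676 line, the two fix commits are referenced only by 10-character abbreviated hashes (h=ddfe3727b1 and h=e7b7ae0eaa). For an advisory list that people use to verify they carry the fix, consider linking the full commit ids so the references stay unambiguous. The unchanged entries below follow the same abbreviated pattern, so this could be handled as a follow-up across the whole list. It would also help readers if the entry said which of the two commits covers VisitDetail.ftl, since the commit message singles that file out as the part the earlier site update missed.
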
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 2177840..b253e81 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -42,7 +42,7 @@
 
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
-                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30676" 
target="external">CVE-2025-30676</a>; affected OFBiz between releases 18.12.18 
and 18.12.19; fixed in 18.12.19 with commits <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e7b7ae0eaa"; 
target="external">e7b7ae0eaa</a></li>
+                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30676" 
target="external">CVE-2025-30676</a>; affected releases before 18.12.19; fixed 
in 18.12.19 with commits <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ddfe3727b1"; 
target="external">ddfe3727b1</a>, <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e7b7ae0eaa"; 
target="external">e7b7ae0eaa</a></li>
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26865" 
target="external">CVE-2025-26865</a>; affected OFBiz between releases 18.12.17 
and 18.12.18; fixed in 18.12.18 with commits <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=5c725123d2"; 
target="external">5c725123d2</a>, <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e663c6c1e9"; 
target="external">e663c6c1e9</a>, <a href="https://gitbox.apa [...]
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48962" 
target="external">CVE-2024-48962</a>; affected releases before 18.12.17; fixed 
in 18.12.17 with commit <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=761fb67d7f"; 
target="external">761fb67d7f</a></li>
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47208" 
target="external">CVE-2024-47208</a>; affected releases before 18.12.17; fixed 
in 18.12.17 with commit <a 
href="https://github.com/apache/ofbiz-framework/commit/f044a7e5bf"; 
target="external">f044a7e5bf</a></li>
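
Review bot: The affected range and commit list on the added CVE-2025-30676 line are maintained by hand in two places, here in template/page/security.tpl.php and again in security.html, and the commit message notes that conflicts were resolved by hand. If security.html is generated from this template (an assumption, the diff does not show the build), regenerate it rather than editing both files; otherwise add a check that the two vulnerability lists are identical, so a corrected range such as "affected releases before 18.12.19" cannot land in one file and not the other.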
