This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push:
new 2d414f8 Fixed: [CVE-2025-30676] Only accept right URLs as referrer (OFBIZ-13219)
2d414f8 is described below
commit 2d414f870c5b39013e5df95a82066e1332110b43
Author: Jacques Le Roux <[email protected]>
AuthorDate: Thu Apr 3 09:15:57 2025 +0200
Fixed: [CVE-2025-30676] Only accept right URLs as referrer (OFBIZ-13219)
Fixes a backport "typo" (UtilValidate::isUrlInString is UtilValidate::isUrl in 24.09 and 18.12).
In the previous commit I missed changing VisitDetail.ftl. So I add the dba044c706 commit to the security page for CVE-2025-30676, following Nicolas's idea shared privately: "Other security issues 'd be published by patch".
Hence people still using the 18.12 branch and specifically 18.12.19 will be able to "auto-update" and, as I said, "as long as it's reasonably possible..."
---
security.html | 2 +-
template/page/security.tpl.php | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/security.html b/security.html
index 67cb24d..61bbdd8 100644
--- a/security.html
+++ b/security.html
@@ -141,7 +141,7 @@
<h3>List of Known Vulnerabilities</h3>
<ul class="iconsList">
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30676"
target="external">CVE-2025-30676</a>; affected releases before 18.12.19; fixed
in 18.12.19 with commits <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ddfe3727b1"
target="external">ddfe3727b1</a>, <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e7b7ae0eaa"
target="external">e7b7ae0eaa</a></li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30676"
target="external">CVE-2025-30676</a>; affected releases before 18.12.19; fixed
in 18.12.19 with commits <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ddfe3727b1"
target="external">ddfe3727b1</a>, <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e7b7ae0eaa"
target="external">e7b7ae0eaa</a>, <a
href="https://gitbox.apache.org/repos/asf?p= [...]
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26865"
target="external">CVE-2025-26865</a>; affected OFBiz between releases 18.12.17
and 18.12.18; fixed in 18.12.18 with commits <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=5c725123d2"
target="external">5c725123d2</a>, <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e663c6c1e9"
target="external">e663c6c1e9</a>, <a href="https://gitbox.apa [...]
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48962"
target="external">CVE-2024-48962</a>; affected releases before 18.12.17; fixed
in 18.12.17 with commit <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=761fb67d7f"
target="external">761fb67d7f</a></li>
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47208"
target="external">CVE-2024-47208</a>; affected releases before 18.12.17; fixed
in 18.12.17 with commit <a
href="https://github.com/apache/ofbiz-framework/commit/f044a7e5bf"
target="external">f044a7e5bf</a></li>
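Review bot: the wording of the added `<li>` still reads "fixed in 18.12.19 with commits ..." while the third link it appends is, per the commit message, the follow-up commit dba044c706 for VisitDetail.ftl that 18.12.19 users are expected to apply on top of the release; as written, a reader of the security page will assume 18.12.19 already contains the complete fix. Consider a phrasing such as "fixed in 18.12.19 with commits ddfe3727b1, e7b7ae0eaa; 18.12.19 users must also apply dba044c706" so the required extra patch is explicit. Also, the added line is truncated in this mail at `href="https://gitbox.apache.org/repos/asf?p= [...]`, so the `h=` value of the new link and its closing `</a></li>` cannot be checked here; please confirm they match the hash named in the commit message and that the list item is well-formed.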
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index b253e81..8fe0eb8 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -42,7 +42,7 @@
<h3>List of Known Vulnerabilities</h3>
<ul class="iconsList">
- <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30676"
target="external">CVE-2025-30676</a>; affected releases before 18.12.19; fixed
in 18.12.19 with commits <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ddfe3727b1"
target="external">ddfe3727b1</a>, <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e7b7ae0eaa"
target="external">e7b7ae0eaa</a></li>
+ <li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30676"
target="external">CVE-2025-30676</a>; affected releases before 18.12.19; fixed
in 18.12.19 with commits <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ddfe3727b1"
target="external">ddfe3727b1</a>, <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e7b7ae0eaa"
target="external">e7b7ae0eaa</a>, <a
href="https://gitbox.apache.org/repos/asf?p= [...]
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26865"
target="external">CVE-2025-26865</a>; affected OFBiz between releases 18.12.17
and 18.12.18; fixed in 18.12.18 with commits <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=5c725123d2"
target="external">5c725123d2</a>, <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e663c6c1e9"
target="external">e663c6c1e9</a>, <a href="https://gitbox.apa [...]
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48962"
target="external">CVE-2024-48962</a>; affected releases before 18.12.17; fixed
in 18.12.17 with commit <a
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=761fb67d7f"
target="external">761fb67d7f</a></li>
<li><i class="icon-pin"></i> <a
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47208"
target="external">CVE-2024-47208</a>; affected releases before 18.12.17; fixed
in 18.12.17 with commit <a
href="https://github.com/apache/ofbiz-framework/commit/f044a7e5bf"
target="external">f044a7e5bf</a></li>
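Review bot: this hunk is byte-for-byte the same edit as the one in security.html, so the two copies are being hand-maintained in parallel; if security.html is meant to be generated from template/page/security.tpl.php, regenerating it from the template (rather than editing both) would avoid the two drifting apart on future advisories. A separate hardening point on the added `<a ... target="external">` elements (shared with the existing entries in the context lines): `external` is a named browsing context, not the `_blank` keyword, so the opened cross-origin page keeps a `window.opener` reference; adding `rel="noopener noreferrer"` to these links is the usual mitigation, and using `target="_blank"` if a fresh tab per click is the intent.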