This is an automated email from the ASF dual-hosted git repository. nmalin pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push: new 697bc15 Improved: Add new OFBiz version 24.09.02 697bc15 is described below commit 697bc15bc03424e150264ca3b75032c1c3c01366 Author: Nicolas Malin <nicolas.ma...@nereide.fr> AuthorDate: Mon Aug 4 11:57:27 2025 +0200 Improved: Add new OFBiz version 24.09.02 --- download.html | 20 +- dtds/service-eca.xsd | 2 + release-notes-24.09.02.html | 261 +++++++++++++++++++++++++++ security.html | 3 + template/page/download.tpl.php | 20 +- template/page/release-notes-24.09.02.tpl.php | 66 +++++++ template/page/security.tpl.php | 1 + 7 files changed, 357 insertions(+), 16 deletions(-) diff --git a/download.html b/download.html index dde827c..8f991de 100644 --- a/download.html +++ b/download.html @@ -129,13 +129,17 @@ <div class="tab-pane active" id="tabs-1"> <ul> <li> - <h2>OFBiz 24.09.01</h2> - <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.01.zip" target="external" class="moreLink">→ Download</a> + <h2>OFBiz 24.09.02</h2> + <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.02.zip" target="external" class="moreLink">→ Download</a> </li> </ul> </div> <div class="tab-pane" id="tabs-2"> <ul> + <li> + <h2>OFBiz 24.09.02</h2> + <a href="release-notes-24.09.02.html" class="moreLink">→ View</a> + </li> <li> <h2>OFBiz 24.09.01</h2> <a href="release-notes-24.09.01.html" class="moreLink">→ View</a> 
@@ -312,16 +316,16 @@ <p>The history of security related fixes included in each release is available <a href="security.html">here</a></p> - <h2>Apache OFBiz 24.09.01</h2> + <h2>Apache OFBiz 24.09.02</h2> <div class="divider"><span></span></div> <p>Released in April 2025, this is the first release of the 24.09 series, which has been feature-frozen since September 2024, receiving only bug fixes.</p> - <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.01.zip" target="external" >Download OFBiz 24.09.01</a> - <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.01.zip.asc" target="external">[PGP]</a> - <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.01.zip.sha512" target="external">[SHA512]</a> + <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.02.zip" target="external" >Download OFBiz 24.09.02</a> + <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.02.zip.asc" target="external">[PGP]</a> + <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.02.zip.sha512" target="external">[SHA512]</a> <a href="https://downloads.apache.org/ofbiz/KEYS" target="external">[KEYS]</a> - <a href="release-notes-24.09.01.html">[Release Notes]</a> + <a href="release-notes-24.09.02.html">[Release Notes]</a> - <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either secur...@ofbiz.apache.org or secur...@apache.org), + <p><strong>We strongly encourage OFBiz users to report security problems affecting OFBiz to the private security mailing lists (either secur...@ofbiz.apache.org or secur...@apache.org), before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p> diff --git a/dtds/service-eca.xsd b/dtds/service-eca.xsd index cc2f058..24ad862 100644 --- a/dtds/service-eca.xsd +++ b/dtds/service-eca.xsd 
@@ -154,6 +154,8 @@ under the License. <xs:enumeration value="is-empty"/> <xs:enumeration value="is-not-empty"/> <xs:enumeration value="contains"/> + <xs:enumeration value="in"/> + <xs:enumeration value="not-in"/> </xs:restriction> </xs:simpleType> </xs:attribute> diff --git a/release-notes-24.09.02.html b/release-notes-24.09.02.html new file mode 100644 index 0000000..51fc61b --- /dev/null +++ b/release-notes-24.09.02.html 
@@ -0,0 +1,261 @@ +<!DOCTYPE html> +<html lang="en"> +<!--[if lt IE 7 ]><html class="ie ie6" lang="en"> <![endif]--> +<!--[if IE 7 ]><html class="ie ie7" lang="en"> <![endif]--> +<!--[if IE 8 ]><html class="ie ie8" lang="en"> <![endif]--> +<!--[if (gte IE 9)|!(IE)]><!--> +<head> +<meta charset="utf-8"> +<title>The Apache OFBiz® Project - Release Notes 24.09.02</title> +<meta name="Description" content="OFBiz is an open source enterprise automation software project licensed under the Apache License. It means you are not alone and can work with many others." /> +<meta name="Robots" content="index,follow" /> +<!-- Mobile Specific Metas + ================================================== --> +<meta name="viewport" content="width=device-width, initial-scale=1.0"> +<!-- CSS + ================================================== --> +<!-- local fonts --> +<link type="text/css" id="fonts" rel="stylesheet" href="/css/fonts.css"> +<!-- Bootstrap --> +<link type="text/css" rel="stylesheet" href="/bootstrap/css/bootstrap.min.css"> +<!-- plugin css --> +<link rel="stylesheet" type="text/css" href="/js/plugins/pretty-photo/css/prettyPhoto.css" /> +<link rel="stylesheet" type="text/css" href="/js/plugins/rs-plugin/css/settings.css" media="screen" /> +<link type="text/css" rel="stylesheet" href="/js/plugins/hoverdir/css/style.css"> +<!-- icon fonts --> +<link type="text/css" rel="stylesheet" href="/font-icons/custom-icons/css/custom-icons.css"> +<link type="text/css" rel="stylesheet" href="/font-icons/custom-icons/css/custom-icons-ie7.css"> +<!-- Custom css --> +<link type="text/css" rel="stylesheet" href="/css/layout.css"> +<link type="text/css" id="colors" rel="stylesheet" href="/css/colors.css"> +<!--[if lt IE 9]><script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script><![endif]--> +<!--[if gte IE 9]><style type="text/css">.iconBig, .active, .hover a , .Shover a { filter: none !important; } </style> <![endif]--> +<script src="js/modernizr-2.6.1.min.js"></script> 
+<!-- Favicons + ================================================== --> +<link rel="shortcut icon" href="/images/favicon.ico"> +<link rel="apple-touch-icon" href="/images/apple-icon.png"> +<link rel="apple-touch-icon" sizes="72x72" href="/images/apple-icon-72x72.png"> +<link rel="apple-touch-icon" sizes="114x114" href="/images/apple-icon-114x114.png"> +<link rel="apple-touch-icon" sizes="144x144" href="/images/apple-icon-144x144.png"> +</head> +<body> +<!-- header --> +<header id="mainHeader" class="clearfix"> + <div class="navbar navbar-fixed-top"> + <div class="navbar-inner"> + <div class="container"> <a href="index.html" class="brand"><img src="images/ofbiz_logo.png" alt="Apache OFBiz Logo"/></a> + <nav id="mainMenu" class="clearfix"> + <ul> + <li><a href="index.html" class="firstLevel">Home</a></li> + <li><a href="#" class="firstLevel">Getting Started</a> + <ul> + <li><a href="developers.html" class="">Developers</a></li> + <li><a href="business-users.html" class="last">Business Users</a></li> + </ul> + </li> + <li><a href="#" class="firstLevel">News</a> + <ul> + <li><a href="//blogs.apache.org/ofbiz/" target="external" class="last">Blog</a></li> + </ul> + </li> + <li><a href="#" class="firstLevel">Documentation</a> + <ul> + <li><a href="//cwiki.apache.org/confluence/display/OFBIZ/Documentation" target="external" class="">User Documentation</a></li> + <li><a href="//cwiki.apache.org/confluence/display/OFBIZ/Technical+Documentation" target="external" class="">Technical Documentation</a></li> + <li><a href="//cwiki.apache.org/confluence/display/OFBIZ/Home" target="external" class="">Wiki</a></li> + <li><a href="#" class="firstLevel">API Reference</a> + <ul> + <li title="Trunk API"> + <a href="https://nightlies.apache.org/ofbiz/trunk/javadoc/" target="external">Trunk API</a> + </li> + <li title="Stable release API"> + <a href="https://nightlies.apache.org/ofbiz/stable/javadoc/" target="external">Stable Release API</a> + </li> + <li title="Next release API"> + <a 
href="https://nightlies.apache.org/ofbiz/next/javadoc/" target="external">Next Release API</a> + </li> + </ul> + </li> + </ul> + </li> + <li><a href="#" class="firstLevel">Community</a> + <ul> + <li><a href="getting-involved.html">Getting Involved</a></li> + <li><a href="mailing-lists.html">Mailing Lists</a></li> + <li><a href="source-repositories.html">Source Repository</a></li> + <li><a href="download.html">Downloads</a></li> + <li><a href="https://s.apache.org/dsj2p" target="external" >Issue Tracker</a></li> + <li><a href="faqs.html" class="last">FAQ</a></li> + </ul> + </li> + <li><a href="ofbiz-demos.html" class="firstLevel">Demos</a></li> + <li><a href="//www.youtube.com/user/ofbiz" class="icon-play socialIcon tips" target="external" title="follow us on Youtube"><span>Youtube</span></a></li> + </ul> + </nav> + </div> + </div> + </div> +</header> +<!-- header --> +<!-- globalWrapper --> +<div id="globalWrapper"> + <!-- page content --> + <section id="content" class="fullWidth"> + <header class="headerPage"> + <div class="container clearfix"> + <div class="row"> + <h1 class="span8">Release Notes 24.09.02</h1> + <div class="span4" id="navTrail"> + <a href="index.html" class="homeLink">home</a> + <span>/</span> + <a href="download.html">Download</a> + <span>/</span><span class="current">Release Notes 24.09.02</span> + </div> + </div> + </div> + </header> + <section id="content" class="features" > + <div class="slice clearfix"> + <div class="container"> +<div class="row"> + <div> + <p>Apache OFBiz® 24.09.02, released in August 2025, is the second release of the 24.09 series, which has been feature-frozen since September 2024, receiving only bug fixes.</p> + +<h2>Sub-task</h2> +<ul> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13264'>OFBIZ-13264</a>] - [SECURITY] Several CVEs in Apache Tomcat</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13275'>OFBIZ-13275</a>] - [SECURITY] Several CVEs in Apache Tomcat</li> +</ul> + +<h2>Bug</h2> 
+<ul> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13222'>OFBIZ-13222</a>] - Error viewing entities with fromDate key in entity maintenance +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13223'>OFBIZ-13223</a>] - Error rendering included form "MandatoryWorkEfforts" when approving parent production run +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13225'>OFBIZ-13225</a>] - ClassCastException on PO Receipt in OFBiz - GStringImpl cannot be cast to String +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13226'>OFBIZ-13226</a>] - Error When Adding Actual Material After Confirming Production Run in OFBiz +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13229'>OFBIZ-13229</a>] - [SECURITY] Several CVEs in Apache Tomcat +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13231'>OFBIZ-13231</a>] - Ajax request fail on restful page +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13254'>OFBIZ-13254</a>] - ArithmeticException when producing inventory with general cost set on routing task +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13258'>OFBIZ-13258</a>] - Update communication event failed if statusId is null +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13265'>OFBIZ-13265</a>] - Update Apache commons-fileupload to last version (CVE-2025-48976) +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13268'>OFBIZ-13268</a>] - Fix ClassCastException in EntityConditionBuilder.createNode when using EntityFunction keys +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13270'>OFBIZ-13270</a>] - Incorrect service call for internal requirement may trigger unnecessary production runs +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13274'>OFBIZ-13274</a>] - Viewing records in Webtools/Entity Data Management got broken +</li> +<li>[<a 
href='https://issues.apache.org/jira/browse/OFBIZ-13279'>OFBIZ-13279</a>] - Bugfix-ScreenFopViewHandler-check-adding-PDFEncryption +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13224'>OFBIZ-13224</a>] - Support visual-editor-buttons attribute on textareas +</li> + <!-- +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13276'>OFBIZ-13276</a>] - [SECURITY] CVE-2025-54466 RCE Vulnerability in scrum plugin +</li> +</ul> +--> +<!-- footer --> +<footer class="footer1"> + <div class="container" id="footer"> + <div class="row"> + <div class="span6 timelineWidget"> + </div> + <div class="span3 contactWidget"> + <h2>Contact Community</h2> + <div class="divider"><span></span></div> + <ul> + <li><a href="mailing-lists.html">Mailing Lists</a></li> + <li><a href="source-repositories.html">Source Repository (Git)</a></li> + <li><a href="https://s.apache.org/dsj2p" target="external">Issue Tracker (Jira)</a></li> + <li><a href="//www.youtube.com/user/ofbiz" target="external">OFBiz Youtube Channel</a></li> + <li><a href="//vimeo.com/channels/apacheofbiz" target="external">OFBiz Vimeo Channel</a></li> + <li> + <a href="//s.apache.org/ofbiz-slack-channel" target="external">OFBiz Chat</a><br/> + <span class="footer-note"> + Note: To chat with users and developers of Apache OFBiz. + <br>Please create a Slack account using <a href="//s.apache.org/slack-invite" target="external">this invite link</a> and + <a href="//s.apache.org/ofbiz-slack-channel" target="external">join the <b>#ofbiz channel</b>.</a> + Please do <b>not</b> ask OFBiz questions in the #general channel. 
+ </span> + </li> + <li><a href="//cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+PMC+Members+and+Committers" target="external">Who we are</a></li> + </ul> + </div> + <div class="span3 sociallWidget"> + <h2>ASF Information</h2> + <div class="divider"><span></span></div> + <ul> + <li><a href="https://www.apache.org/foundation/" target="external">Apache Software Foundation</a></li> + <li><a href="https://privacy.apache.org/policies/privacy-policy-public.html" target="external">Privacy Policy</a></li> + <li><a href="https://www.apache.org/events/current-event" target="external">Events</a></li> + <li><a href="https://www.apache.org/foundation/sponsorship.html" target="external">Sponsorship</a> + and <a href="https://www.apache.org/foundation/contributing.html" target="external">Donations</a> + </li> + <li><a href="https://www.apache.org/foundation/thanks.html" target="external">Thanks</a></li> + <li><a href="https://ofbiz.apache.org/security.html">Security</a></li> + <li><a href="https://www.apache.org/licenses/" target="external">License</a></li> + </ul> + </div> + </div> + </div> +</footer> +<footer class="footer2" id="footerRights"> + <div class="container"> + <div class="row"> + <div class="span12"> + <p> + Copyright © 2025 The Apache Software Foundation. 
+ <a href="https://www.apache.org/licenses/" target="external">Licensed under the Apache License, Version 2.0</a>.<br/> + Apache OFBiz, OFBiz, the project logo and the Apache feather logo are trademarks of <a href="https://www.apache.org/" target="external">The Apache Software Foundation.</a> + </p> + </div> + </div> + </div> +</footer> +<!-- footer --> +</div> +<!-- globalWrapper --> +<script type="text/javascript" src="js/plugins/respond/respond.min.js"></script> +<script type="text/javascript" src="js/jquery-1.12.4.min.js"></script> +<script type="text/javascript" src="js/jquery-migrate-1.0.0.min.js"></script> +<script type="text/javascript" src="js/plugins/jquery-browser-plugin/jquery.browser.min.js"></script> +<!-- third party plugins --> +<script type="text/javascript" src="bootstrap/js/bootstrap.js"></script> +<script type="text/javascript" src="bootstrap/js/bootstrap-carousel.js"></script> +<script type="text/javascript" src="js/plugins/easing/jquery.easing.1.3.js"></script> +<script type="text/javascript" src="js/plugins/pretty-photo/js/jquery.prettyPhoto.js"></script> +<script type="text/javascript" src="js/plugins/hoverdir/jquery.hoverdir.js"></script> +<!-- jQuery KenBurn Slider --> +<script type="text/javascript" src="js/plugins/rs-plugin/js/jquery.themepunch.plugins.min.js"></script> +<script type="text/javascript" src="js/plugins/rs-plugin/js/jquery.themepunch.revolution.min.js"></script> +<!-- Custom --> +<script type="text/javascript" src="js/custom.js"></script> +<!-- Matomo --> +<script type="text/javascript"> + var _paq = window._paq = window._paq || []; + /* tracker methods like "setCustomDimension" should be called before +"trackPageView" */ + /* We explicitly disable cookie tracking to avoid privacy issues */ + _paq.push(['disableCookies']); + _paq.push(['trackPageView']); + _paq.push(['enableLinkTracking']); + (function() { + var u="https://analytics.apache.org/"; + _paq.push(['setTrackerUrl', u+'matomo.php']); + _paq.push(['setSiteId', 
'21']); + var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; + g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); + })(); +</script> +<!-- End Matomo Code --> +</body> +</html> diff --git a/security.html b/security.html index 32c04a0..c437dc4 100644 --- a/security.html +++ b/security.html 
@@ -141,6 +141,9 @@ <h3>List of Known Vulnerabilities</h3> <ul class="iconsList"> + <!-- + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54466" target="external">CVE-2025-54466</a>; affected releases before 24.09.01; fixed in 24.09.02 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=5a35b4f84f" target="external">5a35b4f84f</a></li> + --> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30676" target="external">CVE-2025-30676</a>; affected releases before 18.12.19; fixed in 18.12.19 with commits <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ddfe3727b1" target="external">ddfe3727b1</a>, <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e7b7ae0eaa" target="external">e7b7ae0eaa</a>, <a href="https://gitbox.apache.org/repos/asf?p= [...] <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26865" target="external">CVE-2025-26865</a>; affected OFBiz between releases 18.12.17 and 18.12.18; fixed in 18.12.18 with commits <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=5c725123d2" target="external">5c725123d2</a>, <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e663c6c1e9" target="external">e663c6c1e9</a>, <a href="https://gitbox.apa [...] <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48962" target="external">CVE-2024-48962</a>; affected releases before 18.12.17; fixed in 18.12.17 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=761fb67d7f" target="external">761fb67d7f</a></li> diff --git a/template/page/download.tpl.php b/template/page/download.tpl.php index ed1c391..3e919a2 100644 --- a/template/page/download.tpl.php +++ b/template/page/download.tpl.php 
@@ -30,13 +30,17 @@ <div class="tab-pane active" id="tabs-1"> <ul> <li> - <h2>OFBiz 24.09.01</h2> - <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.01.zip" target="external" class="moreLink">→ Download</a> + <h2>OFBiz 24.09.02</h2> + <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.02.zip" target="external" class="moreLink">→ Download</a> </li> </ul> </div> <div class="tab-pane" id="tabs-2"> <ul> + <li> + <h2>OFBiz 24.09.02</h2> + <a href="release-notes-24.09.02.html" class="moreLink">→ View</a> + </li> <li> <h2>OFBiz 24.09.01</h2> <a href="release-notes-24.09.01.html" class="moreLink">→ View</a> 
@@ -213,16 +217,16 @@ <p>The history of security related fixes included in each release is available <a href="security.html">here</a></p> - <h2>Apache OFBiz 24.09.01</h2> + <h2>Apache OFBiz 24.09.02</h2> <div class="divider"><span></span></div> <p>Released in April 2025, this is the first release of the 24.09 series, which has been feature-frozen since September 2024, receiving only bug fixes.</p> - <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.01.zip" target="external" >Download OFBiz 24.09.01</a> - <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.01.zip.asc" target="external">[PGP]</a> - <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.01.zip.sha512" target="external">[SHA512]</a> + <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.02.zip" target="external" >Download OFBiz 24.09.02</a> + <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.02.zip.asc" target="external">[PGP]</a> + <a href="https://downloads.apache.org/ofbiz/apache-ofbiz-24.09.02.zip.sha512" target="external">[SHA512]</a> <a href="https://downloads.apache.org/ofbiz/KEYS" target="external">[KEYS]</a> - <a href="release-notes-24.09.01.html">[Release Notes]</a> + <a href="release-notes-24.09.02.html">[Release Notes]</a> - <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either secur...@ofbiz.apache.org or secur...@apache.org), + <p><strong>We strongly encourage OFBiz users to report security problems affecting OFBiz to the private security mailing lists (either secur...@ofbiz.apache.org or secur...@apache.org), before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p> diff --git a/template/page/release-notes-24.09.02.tpl.php b/template/page/release-notes-24.09.02.tpl.php new file mode 100644 index 0000000..9815c37 --- /dev/null 
+++ b/template/page/release-notes-24.09.02.tpl.php 
@@ -0,0 +1,66 @@ +<?php //Variable declarations for region templates + $head_title = '<title>The Apache OFBiz® Project - Release Notes 24.09.02</title>'; +?> + <!-- page content --> + <section id="content" class="fullWidth"> + <header class="headerPage"> + <div class="container clearfix"> + <div class="row"> + <h1 class="span8">Release Notes 24.09.02</h1> + <div class="span4" id="navTrail"> + <a href="index.html" class="homeLink">home</a> + <span>/</span> + <a href="download.html">Download</a> + <span>/</span><span class="current">Release Notes 24.09.02</span> + </div> + </div> + </div> + </header> + <section id="content" class="features" > + <div class="slice clearfix"> + <div class="container"> +<div class="row"> + <div> + <p>Apache OFBiz® 24.09.02, released in August 2025, is the second release of the 24.09 series, which has been feature-frozen since September 2024, receiving only bug fixes.</p> + +<h2>Sub-task</h2> +<ul> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13264'>OFBIZ-13264</a>] - [SECURITY] Several CVEs in Apache Tomcat</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13275'>OFBIZ-13275</a>] - [SECURITY] Several CVEs in Apache Tomcat</li> +</ul> + +<h2>Bug</h2> +<ul> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13222'>OFBIZ-13222</a>] - Error viewing entities with fromDate key in entity maintenance +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13223'>OFBIZ-13223</a>] - Error rendering included form "MandatoryWorkEfforts" when approving parent production run +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13225'>OFBIZ-13225</a>] - ClassCastException on PO Receipt in OFBiz - GStringImpl cannot be cast to String +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13226'>OFBIZ-13226</a>] - Error When Adding Actual Material After Confirming Production Run in OFBiz +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13229'>OFBIZ-13229</a>] - 
[SECURITY] Several CVEs in Apache Tomcat +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13231'>OFBIZ-13231</a>] - Ajax request fail on restful page +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13254'>OFBIZ-13254</a>] - ArithmeticException when producing inventory with general cost set on routing task +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13258'>OFBIZ-13258</a>] - Update communication event failed if statusId is null +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13265'>OFBIZ-13265</a>] - Update Apache commons-fileupload to last version (CVE-2025-48976) +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13268'>OFBIZ-13268</a>] - Fix ClassCastException in EntityConditionBuilder.createNode when using EntityFunction keys +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13270'>OFBIZ-13270</a>] - Incorrect service call for internal requirement may trigger unnecessary production runs +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13274'>OFBIZ-13274</a>] - Viewing records in Webtools/Entity Data Management got broken +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13279'>OFBIZ-13279</a>] - Bugfix-ScreenFopViewHandler-check-adding-PDFEncryption +</li> +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13224'>OFBIZ-13224</a>] - Support visual-editor-buttons attribute on textareas +</li> +<!-- +<li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-13276'>OFBIZ-13276</a>] - [SECURITY] CVE-2025-54466 RCE Vulnerability in scrum plugin +</li> +--> +</ul> diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php index 8fe0eb8..dfd1675 100644 --- a/template/page/security.tpl.php +++ b/template/page/security.tpl.php 
@@ -42,6 +42,7 @@ <h3>List of Known Vulnerabilities</h3> <ul class="iconsList"> + <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54466" target="external">CVE-2025-54466</a>; affected releases before 24.09.01; fixed in 24.09.02 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=5a35b4f84f" target="external">5a35b4f84f</a></li> <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30676" target="external">CVE-2025-30676</a>; affected releases before 18.12.19; fixed in 18.12.19 with commits <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ddfe3727b1" target="external">ddfe3727b1</a>, <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e7b7ae0eaa" target="external">e7b7ae0eaa</a>, <a href="https://gitbox.apache.org/repos/asf?p= [...] <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26865" target="external">CVE-2025-26865</a>; affected OFBiz between releases 18.12.17 and 18.12.18; fixed in 18.12.18 with commits <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=5c725123d2" target="external">5c725123d2</a>, <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e663c6c1e9" target="external">e663c6c1e9</a>, <a href="https://gitbox.apa [...] <li><i class="icon-pin"></i> <a href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48962" target="external">CVE-2024-48962</a>; affected releases before 18.12.17; fixed in 18.12.17 with commit <a href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=761fb67d7f" target="external">761fb67d7f</a></li>
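Review bot: In the @@ -312,16 hunk of download.html and the matching @@ -213,16 hunk of template/page/download.tpl.php, the heading and download links move to 24.09.02 but the unchanged paragraph under the heading still reads "Released in April 2025, this is the first release of the 24.09 series". The release notes added in this same commit state that 24.09.02 was released in August 2025 and is the second release of the series, so that sentence should be updated in both files.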
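Review bot: The dtds/service-eca.xsd hunk adds the "in" and "not-in" enumeration values, which the commit message ("Add new OFBiz version 24.09.02") does not mention. Either name the schema change in the message or move it to its own commit, so it can be traced and reverted independently of the release announcement.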
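Review bot: In release-notes-24.09.02.html the comment opened before the OFBIZ-13276 item is closed only after </ul>, so the closing tag of the Bug list is commented out and the list stays open into the footer. template/page/release-notes-24.09.02.tpl.php in this commit places --> before </ul>; move the --> above </ul> in the generated page as well, or regenerate the page from the template so the two agree.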
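Review bot: template/page/release-notes-24.09.02.tpl.php ends at </ul> without closing the inner <div>, the row, container and slice divs, or the two <section> elements it opens, and both sections carry id="content". The generated release-notes-24.09.02.html shows the footer following directly with none of these closed, so add the closing tags at the end of the template and give the inner section a distinct id.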
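Review bot: The CVE-2025-54466 entry added to security.html is only wrapped in an HTML comment, as is the OFBIZ-13276 item in the release notes; a comment is still served in the page source and is recorded in the repository history, so the entry is not actually withheld. If it is not ready to be published, leave it out of the commit until it is. The wording "affected releases before 24.09.01; fixed in 24.09.02" also leaves the status of 24.09.01 itself unclear and should state the affected range explicitly.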
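Review bot: In template/page/security.tpl.php the CVE-2025-54466 line is added as a live list item, while the same entry in security.html and the OFBIZ-13276 item in both release notes files are commented out. The template and the generated page should agree; as it stands, the next regeneration of security.html from this template would publish the entry that the rest of the commit hides.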