This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git


The following commit(s) were added to refs/heads/master by this push:
     new ff150ea  Improved: major changes, WIP...
ff150ea is described below

commit ff150ea63311ba5f60b313fdddf8fe8edaada2da
Author: Jacques Le Roux <[email protected]>
AuthorDate: Fri Sep 5 11:20:14 2025 +0200

    Improved: major changes, WIP...
---
 security.html                  | 10 ++++++++++
 template/page/security.tpl.php | 15 ++++++++++-----
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/security.html b/security.html
index 9d71e3a..96f3609 100644
--- a/security.html
+++ b/security.html
@@ -115,9 +115,17 @@
     <div class="slice clearfix">
       <div class="container">
         <div class="row">
+
+             <h2>OFBiz Security</h2>
+                <ul class="iconsList">
+                    <li><i class="icon-pin"></i> <a 
href="//cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions" 
target="external">OFBiz Security Model : Permissions and related.</a> Be sure 
to read the children pages in the left part of screen.</li>
+                    <li><i class="icon-pin"></i> <a 
href="//cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure" 
target="external">Keeping OFBiz secure.</a> To keep your OFBiz instance secure 
from exploits.</li>
+                </ul>
+
             <h2><a id="security"></a>Security Vulnerabilities</h2>
             <div class="divider"><span></span></div>
 
+
             <p><strong>We strongly encourage OfBiz users to report security 
problems affecting OFBiz to the private security mailing lists (either 
preferably [email protected] or else [email protected]),
              before publicly disclosing them once fixed. Please don't pack 
several vulnerabilities in the same report, send them one by one, thanks in 
advance.</strong></p>
 
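Review bot: The `<h2>OFBiz Security</h2>` block added at the top of the row duplicates the list that is still present further down in security.html: the same two `<li>` entries appear as unchanged context in the next hunk, and the diffstat shows 10 insertions and no deletions for this file, while template/page/security.tpl.php removes the old `<h3>OFBiz Security</h3>` list. Remove the old list here as well, or regenerate security.html from the template, so the two files stay in sync. The blank line added before `<p><strong>We strongly encourage` is a whitespace-only change and can be dropped.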
@@ -128,6 +136,8 @@
                     <li><i class="icon-pin"></i> <a 
href="//cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions" 
target="external">OFBiz Security Model : Permissions and related.</a> Be sure 
to read the children pages in the left part of screen</li>
                     <li><i class="icon-pin"></i> <a 
href="//cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure" 
target="external">Keeping OFBiz secure.</a> To keep your OFBiz instance secure 
from exploits.</li>
             </ul>
+            <p><strong>All system privileges, including access to potentially 
vulnerable operations, are granted to administrators</strong>. Even if we 
assume that administrators don't attack their own websites, it's essential to 
exercise extra care when granting administrator privileges.
+                 Therefore, if a security breach occurs on the administration 
page, it's generally not perceived as a problem. The administrator holds the 
power. Unless an ordinary user manages to overstep their bounds and act beyond 
their authority.</p>
 
 
 
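Review bot: In the added paragraph, the sentence "if a security breach occurs on the administration page, it's generally not perceived as a problem" reads as if any compromise of the administration pages is out of scope, and the exception that follows ("Unless an ordinary user manages to overstep their bounds and act beyond their authority.") is a sentence fragment that is easy to miss. If the intent is that issues which require administrator privileges to exploit are not treated as vulnerabilities, while an ordinary user gaining capabilities beyond their permissions is, say that in one sentence and attach the exception to it. "Therefore" also does not follow from the preceding advice to take extra care when granting administrator privileges, so the two thoughts would read better as separate statements.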
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index f2084eb..33011fb 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -16,19 +16,24 @@
     <div class="slice clearfix">
       <div class="container">
         <div class="row">
+
+             <h2>OFBiz Security</h2>
+                <ul class="iconsList">
+                    <li><i class="icon-pin"></i> <a 
href="//cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions" 
target="external">OFBiz Security Model : Permissions and related.</a> Be sure 
to read the children pages in the left part of screen.</li>
+                    <li><i class="icon-pin"></i> <a 
href="//cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure" 
target="external">Keeping OFBiz secure.</a> To keep your OFBiz instance secure 
from exploits.</li>
+                </ul>
+
             <h2><a id="security"></a>Security Vulnerabilities</h2>
             <div class="divider"><span></span></div>
 
+
             <p><strong>We strongly encourage OfBiz users to report security 
problems affecting OFBiz to the private security mailing lists (either 
preferably [email protected] or else [email protected]),
              before publicly disclosing them once fixed. Please don't pack 
several vulnerabilities in the same report, send them one by one, thanks in 
advance.</strong></p>
 
             <p>Please see the <a href="//www.apache.org/security" 
target="external">ASF Security Team webpage</a> for further information about 
reporting a security vulnerability as well as their contact information.</p>
 
-             <h3>OFBiz Security</h3>
-                <ul class="iconsList">
-                    <li><i class="icon-pin"></i> <a 
href="//cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions" 
target="external">OFBiz Security Model : Permissions and related.</a> Be sure 
to read the children pages in the left part of screen</li>
-                    <li><i class="icon-pin"></i> <a 
href="//cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure" 
target="external">Keeping OFBiz secure.</a> To keep your OFBiz instance secure 
from exploits.</li>
-            </ul>
+            <p><strong>All system privileges, including access to potentially 
vulnerable operations, are granted to administrators</strong>. Even if we 
assume that administrators don't attack their own websites, it's essential to 
exercise extra care when granting administrator privileges.
+                 Therefore, if a security breach occurs on the administration 
page, it's generally not perceived as a problem. The administrator holds the 
power. Unless an ordinary user manages to overstep their bounds and act beyond 
their authority.</p>
 
 
 
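Review bot: The new `<h2>OFBiz Security</h2>` is inserted above `<h2><a id="security"></a>Security Vulnerabilities</h2>`, so a link to `#security` now lands below the new section, and the new heading has neither an `id` nor the `<div class="divider">` that follows the other `<h2>`. Give it its own anchor and divider, or keep it at `<h3>` as in the removed lines if the level change is not intended. The moved links keep protocol-relative `href="//cwiki.apache.org/..."` values; writing them as `https://` makes the scheme independent of how the page is served. The paragraph added at the end of the hunk is a second hand-maintained copy of the one in security.html, so any rewording has to be applied in both files.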
