This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git


The following commit(s) were added to refs/heads/master by this push:
     new cbff2f2  Improved: small changes, mostly formatting
cbff2f2 is described below

commit cbff2f2424ca24546d27bd2eb8530f9086396015
Author: Jacques Le Roux <[email protected]>
AuthorDate: Sun Sep 7 09:33:14 2025 +0200

    Improved: small changes, mostly formatting
---
 security.html                  | 10 +++-------
 template/page/security.tpl.php | 10 +++-------
 2 files changed, 6 insertions(+), 14 deletions(-)

diff --git a/security.html b/security.html
index 8b5acfc..8f1b359 100644
--- a/security.html
+++ b/security.html
@@ -117,13 +117,11 @@
         <div class="row">
 
              <h2>OFBiz Security</h2>
-                <ul class="iconsList">
-                    <li><i class="icon-pin"></i> <a 
href="//cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions" 
target="external">OFBiz Security Model : Permissions and related.</a> Be sure 
to read the children pages in the left part of screen.</li>
-                    <li><i class="icon-pin"></i> <a 
href="//cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure" 
target="external">Keeping OFBiz secure.</a> To keep your OFBiz instance secure 
from exploits.</li>
-                </ul>
+                <p><a 
href="//cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions" 
target="external">OFBiz Security Model : Permissions and related.</a> Be sure 
to read the children pages in the left part of screen.</p>
+                <p><a 
href="//cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure" 
target="external">Keeping OFBiz secure.</a> To keep your OFBiz instance secure 
from exploits.</p>
 
             <p><strong>All system privileges, including access to potentially 
vulnerable operations, are granted to administrators</strong>. Even if we 
assume that administrators don't attack their own websites, it's essential to 
exercise extra care when granting administrator privileges.
-                       Therefore, if a security breach occurs on the 
administration page, it's generally not perceived as a problem. The 
administrator holds the power. Unless an ordinary user manages to overstep 
their bounds and act beyond their authority.
+                       Therefore, if a security breach occurs on the 
administration page (webtools), it's generally not perceived as a problem. The 
administrator holds the power. Unless an ordinary user manages to overstep 
their bounds and act beyond their authority.
                        So in the webtools page we only accept vulnerabilities 
when using a not administrator credential.
             </p>
 
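Review bot: the paragraph that gains "(webtools)" defines what counts as a reportable issue, and its wording is still ambiguous for reporters. "Unless an ordinary user manages to overstep their bounds and act beyond their authority." is a sentence fragment, and "we only accept vulnerabilities when using a not administrator credential" can be read more than one way. Consider joining the fragment to the sentence before it and rewording the last line along the lines of "For webtools, we only accept vulnerability reports that are reproducible with non-administrator credentials." Style point: the two new <p> lines keep the 16-space indent of the removed <ul>, while the sibling <p><strong> paragraph below sits at 12.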
@@ -139,8 +137,6 @@
             <p>Please see the <a href="//www.apache.org/security" 
target="external">ASF Security Team webpage</a> for further information about 
reporting a security vulnerability as well as their contact information.</p>
 
 
-
-
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54466" 
target="external">CVE-2025-54466</a>; affected releases before 24.09.01; fixed 
in 24.09.02 with commit <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=5a35b4f84f"; 
target="external">5a35b4f84f</a></li>
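Review bot: the CVE-2025-54466 list item in the context of this hunk has a stray ";" after the closing quote of the gitbox href (h=5a35b4f84f"; target="external"). That is malformed attribute syntax which browsers tolerate but validators flag. Since this commit is a formatting cleanup that already touches the lines just above, it would be a good place to drop the semicolon.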
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index b6a4e38..65fbd4f 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -18,13 +18,11 @@
         <div class="row">
 
              <h2>OFBiz Security</h2>
-                <ul class="iconsList">
-                    <li><i class="icon-pin"></i> <a 
href="//cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions" 
target="external">OFBiz Security Model : Permissions and related.</a> Be sure 
to read the children pages in the left part of screen.</li>
-                    <li><i class="icon-pin"></i> <a 
href="//cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure" 
target="external">Keeping OFBiz secure.</a> To keep your OFBiz instance secure 
from exploits.</li>
-                </ul>
+                <p><a 
href="//cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions" 
target="external">OFBiz Security Model : Permissions and related.</a> Be sure 
to read the children pages in the left part of screen.</p>
+                <p><a 
href="//cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure" 
target="external">Keeping OFBiz secure.</a> To keep your OFBiz instance secure 
from exploits.</p>
 
             <p><strong>All system privileges, including access to potentially 
vulnerable operations, are granted to administrators</strong>. Even if we 
assume that administrators don't attack their own websites, it's essential to 
exercise extra care when granting administrator privileges.
-                       Therefore, if a security breach occurs on the 
administration page, it's generally not perceived as a problem. The 
administrator holds the power. Unless an ordinary user manages to overstep 
their bounds and act beyond their authority.
+                       Therefore, if a security breach occurs on the 
administration page (webtools), it's generally not perceived as a problem. The 
administrator holds the power. Unless an ordinary user manages to overstep 
their bounds and act beyond their authority.
                        So in the webtools page we only accept vulnerabilities 
when using a not administrator credential.
             </p>
 
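Review bot: the two rewritten <p><a ...> lines carry over protocol-relative hrefs ("//cwiki.apache.org/...") and target="external" with no rel attribute. As these anchors are being rewritten anyway, consider explicit https:// URLs so the security guidance links never resolve over plain HTTP, and rel="noopener" so the opened wiki page gets no window.opener handle back to this page. The identical lines in security.html would need the same change.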
@@ -40,8 +38,6 @@
             <p>Please see the <a href="//www.apache.org/security" 
target="external">ASF Security Team webpage</a> for further information about 
reporting a security vulnerability as well as their contact information.</p>
 
 
-
-
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54466" 
target="external">CVE-2025-54466</a>; affected releases before 24.09.01; fixed 
in 24.09.02 with commit <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=5a35b4f84f"; 
target="external">5a35b4f84f</a></li>
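Review bot: in the context under the removed blank lines, the CVE-2025-54466 entry reads "affected releases before 24.09.01; fixed in 24.09.02", which leaves it unclear whether 24.09.01 itself is affected. Please confirm the affected range and make the two version numbers consistent with each other, since users decide whether to upgrade from this line. The entry also has the stray ";" after the gitbox href that appears in security.html.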
