This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push:
new d6b1b97 Improved: adds information about logs security
d6b1b97 is described below
commit d6b1b9739439daeb8a928acf4fa177b6f2c2d3d6
Author: Jacques Le Roux <[email protected]>
AuthorDate: Fri Sep 5 19:59:28 2025 +0200
Improved: adds information about logs security
---
security.html | 2 ++
template/page/security.tpl.php | 2 ++
2 files changed, 4 insertions(+)
diff --git a/security.html b/security.html
index 4bf76e4..8b5acfc 100644
--- a/security.html
+++ b/security.html
@@ -127,6 +127,8 @@
So in the webtools page we only accept vulnerabilities
when using a not administrator credential.
</p>
+ <p><strong>At the UI level the OFBiz logs are protected and should
not be vulnerable to exploits</strong>. We though still warn OFBiz users it's
important that out of OFBiz UI level logs files remain restricted to their
trusted users.</p>
+
<h2><a id="security"></a>Security Vulnerabilities</h2>
<div class="divider"><span></span></div>
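Review bot: The second sentence of the added paragraph in security.html is hard to parse ("We though still warn OFBiz users it's important that out of OFBiz UI level logs files remain restricted to their trusted users"), and because it is the only operational guidance in the paragraph, readers may miss it. Suggest something like: "We still warn OFBiz users that log files accessed outside the OFBiz UI must remain restricted to trusted users." The closing strong tag also ends just before the warning, so the emphasis falls on the reassurance and not on the action the reader has to take. Consider emphasizing the restriction instead, or both sentences.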
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 58989f9..b6a4e38 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -28,6 +28,8 @@
So in the webtools page we only accept vulnerabilities
when using a not administrator credential.
</p>
+ <p><strong>At the UI level the OFBiz logs are protected and should
not be vulnerable to exploits</strong>. We though still warn OFBiz users it's
important that out of OFBiz UI level logs files remain restricted to their
trusted users.</p>
+
<h2><a id="security"></a>Security Vulnerabilities</h2>
<div class="divider"><span></span></div>
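Review bot: The bolded claim in the added paragraph of security.tpl.php ("the OFBiz logs are protected and should not be vulnerable to exploits") does not say what protects the logs at the UI level, and it follows directly after the sentence about only accepting webtools vulnerabilities "when using a not administrator credential" without saying whether the same condition applies to log-related reports. Suggest stating the condition explicitly so reporters know what is in scope. The paragraph is also duplicated verbatim in security.html, so any wording change has to be made in both files. If security.html is generated from this template, the commit message or a comment should say so.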