This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 87bd37161f Improved: we no longer use the notion of pre-auth and
post-auth
87bd37161f is described below
commit 87bd37161f146954931d4af67f0ea8c1671626c8
Author: Jacques Le Roux <[email protected]>
AuthorDate: Wed Sep 24 09:29:49 2025 +0200
Improved: we no longer use the notion of pre-auth and post-auth
We rather use the security policy detailed at
https://ofbiz.apache.org/security.html
---
README.adoc | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/README.adoc b/README.adoc
index aaa712c04b..be9bf87af1 100644
--- a/README.adoc
+++ b/README.adoc
@@ -223,16 +223,6 @@ The current workaround is to clone the repository and run
gradlew commands from
[[security]]
== Security
-* If you find a pre-auth security issue, please report it to: security @
ofbiz.apache.org.
-Once proper mitigations to the security issues are complete the OFBiz team will
-disclose this information to the public mailing list.
-* If you find a post-auth security issue, please
https://s.apache.org/dsj2p[create a bug in our issue tracker (Jira)] .
-
-* If you want to use AJP on a non localhost OFBiz instance, you need to set
the value of allowedRequestAttributesPattern
-in framework/catalina/ofbiz-component.xml
-
-You can find more information about security in OFBiz at
-https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure[Keeping
OFBiz secure]
[CAUTION]
====
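Review bot: Removing the two reporting bullets at the top of the Security section leaves the README without any named reporting channel: security @ ofbiz.apache.org is gone and the section now opens directly on the [CAUTION] block. A reader who finds a vulnerability has to read past the caution text and the AJP note to reach the link added further down in this patch. Consider keeping a one-line pointer as the first item under the heading, for example "To report a security issue, follow the policy at https://ofbiz.apache.org/security.html", so the reporting path is still the first thing a reporter sees.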
@@ -241,6 +231,14 @@ In production never use the credentials contained in demo
data. Not only the adm
Also we recommend to not use Windows Server in production because we are not
supporting specific Windows related security issues.
====
+* If you want to use AJP on a non localhost OFBiz instance, you need to set
the value of allowedRequestAttributesPattern
+in framework/catalina/ofbiz-component.xml
+
+
+You can find more information about security in OFBiz at
+https://ofbiz.apache.org/security.html[the official security page]
+
+
[[build-system-syntax]]
== Build system syntax
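Review bot: The link sentence added at the end of this hunk ("You can find more information about security in OFBiz at") does not say that the linked page is the security policy the commit message refers to, so it reads as optional background rather than as the place to learn how to report an issue. Suggest rewording it to mention reporting explicitly. Two style points on the same added lines: each paragraph is followed by two empty added lines where one is enough, and the AJP note is now a one-item bullet list placed after the [CAUTION] block. It would read better as a plain paragraph or a NOTE, with allowedRequestAttributesPattern and framework/catalina/ofbiz-component.xml set in backticks.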