This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git


The following commit(s) were added to refs/heads/master by this push:
     new e09ecfa  Fixed: [CVE-2025-59118] Improve ImageManagementServices code 
(OFBIZ-13292) Fixed: [CVE-2025-61623] Check parameters passed in URLs 
(OFBIZ-13295)
e09ecfa is described below

commit e09ecfab6675eed72f9d6af843e7ea43e710eba1
Author: Jacques Le Roux <[email protected]>
AuthorDate: Tue Nov 11 19:02:51 2025 +0100

    Fixed: [CVE-2025-59118] Improve ImageManagementServices code (OFBIZ-13292)
    Fixed: [CVE-2025-61623] Check parameters passed in URLs (OFBIZ-13295)
---
 security.html                  | 4 +++-
 template/page/security.tpl.php | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/security.html b/security.html
index d3f49d2..4ad8084 100644
--- a/security.html
+++ b/security.html
@@ -154,7 +154,9 @@
 
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
-                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54466" 
target="external">CVE-2025-54466</a>; affected releases before 24.09.01; fixed 
in 24.09.02 with commit <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=5a35b4f84f"; 
target="external">5a35b4f84f</a></li>
+                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61623" 
target="external">CVE-2025-61623</a>; affected releases before 24.09.03; fixed 
in 24.09.03 with commits <a 
href="https://github.com/apache/ofbiz-framework/commit/4c624298a6"; 
target="external">4c624298a6</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/e8ad44dc36"; 
target="external">e8ad44dc36</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/505c88cf45"; [...]
+                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59118" 
target="external">CVE-2025-59118</a>; affected releases before 24.09.03; fixed 
in 24.09.03 with commits <a 
href="https://github.com/apache/ofbiz-framework/commit/e1d30e8f55"; 
target="external">e1d30e8f55</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/cfee3063b1"; 
target="external">cfee3063b1</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/fd6a3b8644"; [...]
+                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54466" 
target="external">CVE-2025-54466</a>; affected releases before 24.09.02; fixed 
in 24.09.02 with commit <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=5a35b4f84f"; 
target="external">5a35b4f84f</a></li>
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30676" 
target="external">CVE-2025-30676</a>; affected releases before 18.12.19; fixed 
in 18.12.19 with commits <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ddfe3727b1"; 
target="external">ddfe3727b1</a>, <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e7b7ae0eaa"; 
target="external">e7b7ae0eaa</a>, <a 
href="https://gitbox.apache.org/repos/asf?p= [...]
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26865" 
target="external">CVE-2025-26865</a>; affected OFBiz between releases 18.12.17 
and 18.12.18; fixed in 18.12.18 with commits <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=5c725123d2"; 
target="external">5c725123d2</a>, <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e663c6c1e9"; 
target="external">e663c6c1e9</a>, <a href="https://gitbox.apa [...]
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48962" 
target="external">CVE-2024-48962</a>; affected releases before 18.12.17; fixed 
in 18.12.17 with commit <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=761fb67d7f"; 
target="external">761fb67d7f</a></li>
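Review bot: The three added `<li>` entries open their links with `target="external"` and no `rel`, and the CVE links use the scheme-relative `//cve.mitre.org/...` form. Browsers imply `noopener` only for `target="_blank"`, so a page loaded into the named `external` context keeps a `window.opener` handle back to the security page, and a scheme-relative link follows whatever scheme the page itself was served over. I would write the anchors as `<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61623" target="external" rel="noopener">`, and add the same `rel` to the commit links. The same applies to the identical hunk in template/page/security.tpl.php, and the unchanged context entries follow the old pattern too, so a follow-up sweep may be cleaner than fixing only the new lines. The `;` shown after each commit `href` looks like a mail-rendering artifact, but it is worth confirming that the committed markup does not contain it.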
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 1339286..97d75a6 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -55,7 +55,9 @@
 
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
-                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54466" 
target="external">CVE-2025-54466</a>; affected releases before 24.09.01; fixed 
in 24.09.02 with commit <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=5a35b4f84f"; 
target="external">5a35b4f84f</a></li>
+                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61623" 
target="external">CVE-2025-61623</a>; affected releases before 24.09.03; fixed 
in 24.09.03 with commits <a 
href="https://github.com/apache/ofbiz-framework/commit/4c624298a6"; 
target="external">4c624298a6</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/e8ad44dc36"; 
target="external">e8ad44dc36</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/505c88cf45"; [...]
+                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59118" 
target="external">CVE-2025-59118</a>; affected releases before 24.09.03; fixed 
in 24.09.03 with commits <a 
href="https://github.com/apache/ofbiz-framework/commit/e1d30e8f55"; 
target="external">e1d30e8f55</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/cfee3063b1"; 
target="external">cfee3063b1</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/fd6a3b8644"; [...]
+                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54466" 
target="external">CVE-2025-54466</a>; affected releases before 24.09.02; fixed 
in 24.09.02 with commit <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=5a35b4f84f"; 
target="external">5a35b4f84f</a></li>
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30676" 
target="external">CVE-2025-30676</a>; affected releases before 18.12.19; fixed 
in 18.12.19 with commits <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ddfe3727b1"; 
target="external">ddfe3727b1</a>, <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e7b7ae0eaa"; 
target="external">e7b7ae0eaa</a>, <a 
href="https://gitbox.apache.org/repos/asf?p= [...]
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26865" 
target="external">CVE-2025-26865</a>; affected OFBiz between releases 18.12.17 
and 18.12.18; fixed in 18.12.18 with commits <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=5c725123d2"; 
target="external">5c725123d2</a>, <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e663c6c1e9"; 
target="external">e663c6c1e9</a>, <a href="https://gitbox.apa [...]
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48962" 
target="external">CVE-2024-48962</a>; affected releases before 18.12.17; fixed 
in 18.12.17 with commit <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=761fb67d7f"; 
target="external">761fb67d7f</a></li>
