This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release24.09
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release24.09 by this push:
new 8ebe991f5f Fixed: Tried to execute unauthorized script (OFBIZ-13317)
8ebe991f5f is described below
commit 8ebe991f5fa1691e651e88619f97cb0d0597871e
Author: Jacques Le Roux <[email protected]>
AuthorDate: Wed Nov 26 18:08:40 2025 +0100
Fixed: Tried to execute unauthorized script (OFBIZ-13317)
Adds
{SHA}d8451d7509ae73421974f47752b6e9eef7503041 and
{SHA}edf12cf95597d52eacc14020a85a8df2abb34ab7
to allowedScriptletHashes in security.properties
See details on the Jira
---
framework/security/config/security.properties | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/security/config/security.properties
b/framework/security/config/security.properties
index ed9a412f29..ed54eb65cb 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -303,7 +303,7 @@ useDeniedScriptletsTokens=true
#-- To accept the execution on some groovy script who match the
deniedScriptletsTokens regExp, put their hash here.
#-- like
allowedScriptletHashes={SHA}59f8ab616b3878ddf825ea50c13ce603a3a6c5a9,{SHA}59f5ab516b3878ddf825ea50c13ce603a3a6c5a9
-allowedScriptletHashes= {SHA}4e025676cfa6df142e3457099271ecdcd1c1f5f9
+allowedScriptletHashes=
{SHA}4e025676cfa6df142e3457099271ecdcd1c1f5f9,{SHA}d8451d7509ae73421974f47752b6e9eef7503041,{SHA}edf12cf95597d52eacc14020a85a8df2abb34ab7
allowStringConcatenationInUploadedFiles=false
