This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 3db95633e2 Fixed: Tried to execute unauthorized script (OFBIZ-13317)
3db95633e2 is described below

commit 3db95633e206ef68f4ceecbf8484924bafb348ca
Author: Jacques Le Roux <[email protected]>
AuthorDate: Wed Nov 26 18:08:40 2025 +0100

    Fixed: Tried to execute unauthorized script (OFBIZ-13317)
    
    Adds
    {SHA}d8451d7509ae73421974f47752b6e9eef7503041 and
    {SHA}edf12cf95597d52eacc14020a85a8df2abb34ab7
    to allowedScriptletHashes in security.properties
    
    See details on the Jira
---
 framework/security/config/security.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework/security/config/security.properties 
b/framework/security/config/security.properties
index 20e8737b1f..7f014e2ac6 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -318,7 +318,7 @@ useDeniedScriptletsTokens=true
 
 #-- To accept the execution on some groovy script who match the 
deniedScriptletsTokens regExp, put their hash here.
 #-- like 
allowedScriptletHashes={SHA}59f8ab616b3878ddf825ea50c13ce603a3a6c5a9,{SHA}59f5ab516b3878ddf825ea50c13ce603a3a6c5a9
-allowedScriptletHashes= {SHA}4e025676cfa6df142e3457099271ecdcd1c1f5f9
+allowedScriptletHashes= 
{SHA}4e025676cfa6df142e3457099271ecdcd1c1f5f9,{SHA}d8451d7509ae73421974f47752b6e9eef7503041,{SHA}edf12cf95597d52eacc14020a85a8df2abb34ab7
 
 allowStringConcatenationInUploadedFiles=false
 
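Review bot: The two hashes added to `allowedScriptletHashes` have nothing in the file saying which scriptlets they exempt from the `deniedScriptletsTokens` check; the only trace is the Jira id in the commit message. Each entry lets a script that matches the deny pattern run, so anyone auditing this allowlist later needs to see what each value corresponds to and why it was accepted. I would add a comment line above the property, for example `#-- {SHA}d8451d75... and {SHA}edf12cf9...: <SCRIPT_NAME_OR_PATH>, see OFBIZ-13317`, and one for the pre-existing `{SHA}4e025676...` entry if its origin is known. The hashes presumably cover the exact script text, so it is also worth noting in that comment that an entry must be recomputed or removed when the script changes.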
