The GitHub Actions job "Java CI with Gradle" on ofbiz-framework.git has failed. Run started by GitHub user asfgit (triggered by asfgit).
Head commit for run: 40a285623824ecac3a8fa3b77a9c87663969024b / Jacques Le Roux <[email protected]> Fixed: [codeQL] Resolving specific Java issues (OFBIZ-12925) This concerns a possible server-side request forgery reported by CodeQL <<To fix the SSRF vulnerability, we need to ensure that the URL being used in the readXmlDocument method is validated and restricted to a set of allowed URLs or domains. This can be achieved by maintaining a whitelist of allowed URLs or domains and checking the user-provided URL against this list before proceeding with the request.>> Fortunately we already have and can use the host-headers-allowed property in security.properties. Here is the fix. Conflict handled by hand Report URL: https://github.com/apache/ofbiz-framework/actions/runs/13493783482 With regards, GitHub Actions via GitBox
