The GitHub Actions job "CodeQL" on ofbiz-framework.git has failed. Run started by GitHub user asfgit (triggered by asfgit).
Head commit for run: c2d3b85105e60a0a61ac9a3039ca7b8456310c1b / Jacques Le Roux <[email protected]> Fixed: [codeQL] Resolving specific Java issues (OFBIZ-12925) This concerns a possible server-side request forgery reported by CodeQL <<To fix the SSRF vulnerability, we need to ensure that the URL being used in the readXmlDocument method is validated and restricted to a set of allowed URLs or domains. This can be achieved by maintaining a whitelist of allowed URLs or domains and checking the user-provided URL against this list before proceeding with the request.>> Fortunately we already have and can use the host-headers-allowed property in security.properties. Here is the fix. Report URL: https://github.com/apache/ofbiz-framework/actions/runs/13493783668 With regards, GitHub Actions via GitBox
