Clone
Jacques Le Roux <jacques.le.roux@les7arts.com>
committed
on 13 Feb
Fixed: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11348)
A vulnerability has been r… Show more
Fixed: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11348)

A vulnerability has been reported to the OFBiz security team. We were able to

quickly and quietly fix it in supported versions, but in the ecommerce component.

To be able to release the 17.12.01 version with this vulnerability fixed we need

to temporarily comment out the "stream" request-map in ecommerce controller.

We will later fix the specific issue in ecommerce to put back the functionnalities

allowed by the "stream" request-map in ecommerce controller.

Show less