Google Git
Sign in
apache / ofbiz-framework / 7de28070a356fd5a02a05d986a235fcc3f7f737a
commit7de28070a356fd5a02a05d986a235fcc3f7f737a[log] [tgz]
authorJacques Le Roux <jacques.le.roux@les7arts.com>Sun Oct 10 13:32:49 2021 +0200
committerJacques Le Roux <jacques.le.roux@les7arts.com>Mon Oct 11 09:44:45 2021 +0200
tree093b43f914f0960e2b3dbada94f2459ea32a1f6e
parentc859c6f63664ddc12f1ea19355af52d4710ba385 [diff]
Improved: post-auth Remote Code Execution Vulnerability (OFBIZ-12332)

Prevents an useless inevitable warning by commenting out
RequestWrapper::getParameterNames and with it all the unused methods in
RequestWrapper class

Also better comments CacheFilter::doFilter by giving its real and only goal:
<<to prevent a post-auth security issue described in OFBIZ-12332>>
2 files changed
tree: 093b43f914f0960e2b3dbada94f2459ea32a1f6e
  1. .github/
  2. applications/
  3. docs/
  4. framework/
  5. gradle/
  6. lib/
  7. runtime/
  8. themes/
  9. .gitattributes
  10. .gitignore
  11. .hgignore
  12. .xmlcatalog.xml
  13. APACHE2_HEADER
  14. build.gradle
  15. common.gradle
  16. gradlew
  17. gradlew.bat
  18. init-gradle-wrapper.bat
  19. INSTALL
  20. LICENSE
  21. NOTICE
  22. OPTIONAL_LIBRARIES
  23. README.adoc
  24. settings.gradle
  25. VERSION