| <!DOCTYPE html> |
| <html lang="en"> |
| <!--[if lt IE 7 ]><html class="ie ie6" lang="en"> <![endif]--> |
| <!--[if IE 7 ]><html class="ie ie7" lang="en"> <![endif]--> |
| <!--[if IE 8 ]><html class="ie ie8" lang="en"> <![endif]--> |
| <!--[if (gte IE 9)|!(IE)]><!--> |
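| <head> |
| <meta charset="utf-8"> |
| <title>The Apache OFBiz® Project - Release Notes 18.12.06</title> |
| <meta name="Description" content="OFBiz is an open source enterprise automation software project licensed under the Apache License. It means you are not alone and can work with many others."> |
| <meta name="Robots" content="index,follow"> |
| <!-- Mobile viewport --> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> |
| <!-- Stylesheets, all root-relative and therefore same-origin: local fonts, Bootstrap, plugin styles, icon fonts, then the site's own layout and colours. --> |
| <link id="fonts" rel="stylesheet" href="/css/fonts.css"> |
| <link rel="stylesheet" href="/bootstrap/css/bootstrap.min.css"> |
| <link rel="stylesheet" href="/js/plugins/pretty-photo/css/prettyPhoto.css"> |
| <link rel="stylesheet" href="/js/plugins/rs-plugin/css/settings.css" media="screen"> |
| <link rel="stylesheet" href="/js/plugins/hoverdir/css/style.css"> |
| <link rel="stylesheet" href="/font-icons/custom-icons/css/custom-icons.css"> |
| <link rel="stylesheet" href="/font-icons/custom-icons/css/custom-icons-ie7.css"> |
| <link rel="stylesheet" href="/css/layout.css"> |
| <link id="colors" rel="stylesheet" href="/css/colors.css"> |
| <!-- NOTE(review): the HTML5 shim below is the only cross-origin script in the head. It is read by IE older than 9 only and is fetched without Subresource Integrity, so it should be served from this site or dropped. The URL states https: explicitly so the script is never requested over cleartext. --> |
| <!--[if lt IE 9]><script src="https://html5shim.googlecode.com/svn/trunk/html5.js"></script><![endif]--> |
| <!--[if gte IE 9]><style type="text/css">.iconBig, .active, .hover a , .Shover a { filter: none !important; } </style> <![endif]--> |
| <script src="js/modernizr-2.6.1.min.js"></script> |
| <!-- Favicons and touch icons --> |
| <link rel="shortcut icon" href="/images/favicon.ico"> |
| <link rel="apple-touch-icon" href="/images/apple-icon.png"> |
| <link rel="apple-touch-icon" sizes="72x72" href="/images/apple-icon-72x72.png"> |
| <link rel="apple-touch-icon" sizes="114x114" href="/images/apple-icon-114x114.png"> |
| <link rel="apple-touch-icon" sizes="144x144" href="/images/apple-icon-144x144.png"> |
| </head> |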
| <body> |
| <!-- header --> |
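| <header id="mainHeader" class="clearfix"> |
| <div class="navbar navbar-fixed-top"> |
| <div class="navbar-inner"> |
| <div class="container"> |
| <a href="index.html" class="brand"><img src="images/ofbiz_logo.png" alt="Apache OFBiz Logo"></a> |
| <!-- Primary navigation. Links that leave the site open in the named "external" window. Browsers imply noopener only for target="_blank", so each of these links carries rel="noopener" to keep window.opener out of reach of the destination page. External URLs state https: explicitly instead of inheriting the scheme this page was served on. --> |
| <nav id="mainMenu" class="clearfix"> |
| <ul> |
| <li><a href="index.html" class="firstLevel">Home</a></li> |
| <li><a href="#" class="firstLevel">Getting Started</a> |
| <ul> |
| <li><a href="developers.html">Developers</a></li> |
| <li><a href="business-users.html" class="last">Business Users</a></li> |
| </ul> |
| </li> |
| <li><a href="#" class="firstLevel">News</a> |
| <ul> |
| <li><a href="https://twitter.com/apacheofbiz" target="external" rel="noopener">Twitter</a></li> |
| <li><a href="https://blogs.apache.org/ofbiz/" target="external" rel="noopener" class="last">Blog</a></li> |
| </ul> |
| </li> |
| <li><a href="#" class="firstLevel">Documentation</a> |
| <ul> |
| <li><a href="https://cwiki.apache.org/confluence/display/OFBIZ/Documentation" target="external" rel="noopener">User Documentation</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/OFBIZ/Technical+Documentation" target="external" rel="noopener">Technical Documentation</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/OFBIZ/Home" target="external" rel="noopener">Wiki</a></li> |
| <li><a href="#" class="firstLevel">API Reference</a> |
| <!-- Each entry is closed exactly once; a second closing li tag after an entry is a parse error. --> |
| <ul> |
| <li title="Trunk API"><a href="https://nightlies.apache.org/ofbiz/trunk/javadoc/" target="external" rel="noopener">Trunk API</a></li> |
| <li title="Stable release API"><a href="https://nightlies.apache.org/ofbiz/stable/javadoc/" target="external" rel="noopener">Stable Release API</a></li> |
| <li title="Next release API"><a href="https://nightlies.apache.org/ofbiz/next/javadoc/" target="external" rel="noopener">Next Release API</a></li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li><a href="#" class="firstLevel">Community</a> |
| <ul> |
| <li><a href="getting-involved.html">Getting Involved</a></li> |
| <li><a href="mailing-lists.html">Mailing Lists</a></li> |
| <li><a href="source-repositories.html">Source Repository</a></li> |
| <li><a href="download.html">Downloads</a></li> |
| <li><a href="https://s.apache.org/dsj2p" target="external" rel="noopener">Issue Tracker</a></li> |
| <li><a href="faqs.html" class="last">FAQ</a></li> |
| </ul> |
| </li> |
| <li><a href="ofbiz-demos.html" class="firstLevel">Demos</a></li> |
| <!-- Social icons: the span text is the link's readable name. --> |
| <li><a href="https://twitter.com/ApacheOfbiz" class="icon-twitter-bird socialIcon tips" target="external" rel="noopener" title="follow us on Twitter"><span>twitter</span></a></li> |
| <li><a href="https://www.linkedin.com/company/apache-ofbiz/" target="external" rel="noopener" class="icon-linkedin socialIcon tips" title="follow us on Linkedin"><span>linkedin</span></a></li> |
| <li><a href="https://www.facebook.com/Apache-OFBiz-1478219232210477/?ref=page_internal" target="external" rel="noopener" class="icon-facebook socialIcon tips" title="follow us on Facebook"><span>facebook</span></a></li> |
| <li><a href="https://www.youtube.com/user/ofbiz" class="icon-play socialIcon tips" target="external" rel="noopener" title="follow us on Youtube"><span>Youtube</span></a></li> |
| </ul> |
| </nav> |
| </div> |
| </div> |
| </div> |
| </header> |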
| <!-- header --> |
| <!-- globalWrapper --> |
| <div id="globalWrapper"> |
| <!-- page content --> |
| <section id="content" class="fullWidth"> |
| <header class="headerPage"> |
| <div class="container clearfix"> |
| <div class="row"> |
| <h1 class="span8">Release Notes 18.12.06</h1> |
| <div class="span4" id="navTrail"> <a href="index.html" class="homeLink">home</a><span>/</span><a href="download.html">Download</a><span>/</span><span class="current">Release Notes 18.12.06</span> </div> |
| </div> |
| </div> |
| </header> |
| <section id="content" class="features" > |
| <div class="slice clearfix"> |
| <div class="container"> |
| <div class="row"> |
| <div> |
| <p>Apache OFBiz® 18.12.06, released in September 2022, is the sixth and final release of the 18.12 series, which has been stabilized since December 2018.</p> |
| |
| |
| |
| Release Notes - OFBiz - Version 18.12.06 |
| |
| <h2> Sub-task |
| </h2> |
| <ul> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12646'>OFBIZ-12646</a>] - Java Deserialization vulnerability in Apache OfBiz (CVE-2022-29063) |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-11407'>OFBIZ-11407</a>] - Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-11948'>OFBIZ-11948</a>] - Remote Code Execution (File Upload) Vulnerability |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12539'>OFBIZ-12539</a>] - Upgrade Tomcat from 9.0.54 to 9.0.58 |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12549'>OFBIZ-12549</a>] - [SECURITY] CVE-2022-23437: Infinite loop within Apache XercesJ xml parser |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12558'>OFBIZ-12558</a>] - Possible authenticated attack related to Tomcat CVE-2020-1938 |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12573'>OFBIZ-12573</a>] - CLONE - [SECURITY] Upgrade Tika to 1.28.1 |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12582'>OFBIZ-12582</a>] - Prevent post-Auth vulnerability: FreeMarker Bypass |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12584'>OFBIZ-12584</a>] - Stored XSS in webappPath parameter from content/control/EditWebSite |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12592'>OFBIZ-12592</a>] - Prevent possible DOS attack done using Java deserialisation |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12594'>OFBIZ-12594</a>] - Prevent Freemarker interpolation in fields |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12626'>OFBIZ-12626</a>] - [SECURITY] Upgrade Tika to 1.28.3 |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12656'>OFBIZ-12656</a>] - Update Solr and Lucene from 8.11.1 to 8.11.2 for security reason |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12657'>OFBIZ-12657</a>] - [SECURITY] Upgrade Tika to 1.28.4 |
| </li> |
| </ul> |
| |
| <h2> Bug |
| </h2> |
| <ul> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-11429'>OFBIZ-11429</a>] - Setting VIEW-INDEX to 0, when not initialised in ForumScreens.xml#Showforum "New Message" Link |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12097'>OFBIZ-12097</a>] - Date picker not initialised in ajax-called form |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12178'>OFBIZ-12178</a>] - ModelInduceFromDb does not show entity relations. |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12264'>OFBIZ-12264</a>] - Multiple Facility Inventory reservation does not consider store facility thru date |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12359'>OFBIZ-12359</a>] - ProductFacility on ecommerce listing product issue |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12455'>OFBIZ-12455</a>] - Product inventory reservation places orders if quantityNotReserved !=0 and requireInventory=Y |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12466'>OFBIZ-12466</a>] - Solr generates an error |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12478'>OFBIZ-12478</a>] - Screen Xml renderer failed on renderContainer[Begin,End] ftl macro |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12485'>OFBIZ-12485</a>] - AssetMaint not accessible by user with 'VIEW' permission |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12505'>OFBIZ-12505</a>] - Wrong Field Name Definition in RequirementForms |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12548'>OFBIZ-12548</a>] - placeholder text has been implemented but seems to do nothing |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12550'>OFBIZ-12550</a>] - Manufacturing Jobshop find screen by default does not show all production runs |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12552'>OFBIZ-12552</a>] - View for ViewBinaryDataResource missing |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12555'>OFBIZ-12555</a>] - default-field-type hidden doesn't works for auto-fields-service |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12571'>OFBIZ-12571</a>] - Groovy denied list bypass causes post-auth RCE from webtools/control/ProgramExport |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12595'>OFBIZ-12595</a>] - Test run was unsuccessful because of failing solr tests |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12600'>OFBIZ-12600</a>] - Solr requires application/x-www-form-urlencoded |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12602'>OFBIZ-12602</a>] - XML Import fails due to security check |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12603'>OFBIZ-12603</a>] - In place editor wrong enable on display field |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12618'>OFBIZ-12618</a>] - German Translation - Inv. Nr. |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12619'>OFBIZ-12619</a>] - Required field not working on upload type form |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12625'>OFBIZ-12625</a>] - Webtools Service Logs ‘Service Name’ column always empty |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12635'>OFBIZ-12635</a>] - Add missing notification tag in services xsd file |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12636'>OFBIZ-12636</a>] - Unable to upload a file through ecommerce, but if i move the same menu to Webtools,Its working. |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12685'>OFBIZ-12685</a>] - Content tag in a screen does not display correctly images |
| </li> |
| </ul> |
| |
| <h2> Improvement |
| </h2> |
| <ul> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-6065'>OFBIZ-6065</a>] - Data of tenant specific component gets loaded in all instances |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-6066'>OFBIZ-6066</a>] - Tenant specific components are visible/accessible in any tenant instance |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12589'>OFBIZ-12589</a>] - Update to Tomcat 9.0.60 |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12590'>OFBIZ-12590</a>] - Update to log4j 2.17.2 |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12599'>OFBIZ-12599</a>] - In UtilHttp, for regex processing of urls, replace Java regexp with RE2J |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12632'>OFBIZ-12632</a>] - German Translation - Category |
| </li> |
| <li>[<a href='https://issues.apache.org/jira/browse/OFBIZ-12670'>OFBIZ-12670</a>] - Make loading of data containing urls configurable |
| </li> |
| </ul> |
| |
| </div> |
| </div> |
| </div> |
| </div> |
| </section> |
| </section><!-- footer --> |
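| <footer class="footer1"> |
| <div class="container" id="footer"> |
| <div class="row"> |
| <!-- Links below that open in the named "external" window carry rel="noopener": browsers imply it only for target="_blank", and without it the destination page can reach this page through window.opener. External URLs state https: explicitly. --> |
| <div class="span6 timelineWidget"> |
| <h2>Latest tweets</h2> |
| <div id="twitterFrame"> |
| <a class="twitter-timeline" href="https://twitter.com/ApacheOfbiz?height=250" data-widget-id="588661945194192896" data-tweet-limit="2" data-theme="dark" data-chrome="nofooter noheader transparent">Tweets by @ApacheOfbiz</a> |
| <!-- Loads the Twitter widget script once, guarded by the element id. It is always requested over HTTPS, whatever scheme this page was served on, so the script cannot be altered in transit. --> |
| <!-- NOTE(review): widgets.js is third-party code that runs with this page's privileges and is loaded without Subresource Integrity; consider a static link to the timeline instead. --> |
| <script> |
| (function (doc, tag, loaderId) { |
| if (doc.getElementById(loaderId)) { return; } |
| var firstScript = doc.getElementsByTagName(tag)[0]; |
| var loader = doc.createElement(tag); |
| loader.id = loaderId; |
| loader.src = "https://platform.twitter.com/widgets.js"; |
| firstScript.parentNode.insertBefore(loader, firstScript); |
| })(document, "script", "twitter-wjs"); |
| </script> |
| </div> |
| </div> |
| <div class="span3 contactWidget"> |
| <h2>Contact Community</h2> |
| <div class="divider"><span></span></div> |
| <ul> |
| <li><a href="mailing-lists.html">Mailing Lists</a></li> |
| <li><a href="source-repositories.html">Source Repository (Git)</a></li> |
| <li><a href="https://s.apache.org/dsj2p" target="external" rel="noopener">Issue Tracker (Jira)</a></li> |
| <li><a href="https://www.youtube.com/user/ofbiz" target="external" rel="noopener">OFBiz Youtube Channel</a></li> |
| <li><a href="https://vimeo.com/channels/apacheofbiz" target="external" rel="noopener">OFBiz Vimeo Channel</a></li> |
| <li> |
| <a href="https://s.apache.org/ofbiz-slack-channel" target="external" rel="noopener">OFBiz Chat</a><br> |
| <span class="footer-note"> |
| Note: To chat with users and developers of Apache OFBiz. |
| <br>Please create a Slack account using <a href="https://s.apache.org/slack-invite" target="external" rel="noopener">this invite link</a> and |
| <a href="https://s.apache.org/ofbiz-slack-channel" target="external" rel="noopener">join the <b>#ofbiz channel</b>.</a> |
| Please do <b>not</b> ask OFBiz questions in the #general channel. |
| </span> |
| </li> |
| </ul> |
| </div> |
| <div class="span3 sociallWidget"> |
| <h2>ASF Information</h2> |
| <div class="divider"><span></span></div> |
| <ul> |
| <li><a href="https://www.apache.org/foundation/" target="external" rel="noopener">Apache Software Foundation</a></li> |
| <li><a href="https://privacy.apache.org/policies/privacy-policy-public.html" target="external" rel="noopener">Privacy Policy</a></li> |
| <li><a href="https://www.apache.org/events/current-event" target="external" rel="noopener">Events</a></li> |
| <li><a href="https://www.apache.org/foundation/sponsorship.html" target="external" rel="noopener">Sponsorship</a> |
| and <a href="https://www.apache.org/foundation/contributing.html" target="external" rel="noopener">Donations</a> |
| </li> |
| <li><a href="https://www.apache.org/foundation/thanks.html" target="external" rel="noopener">Thanks</a></li> |
| <li><a href="https://ofbiz.apache.org/security.html">Security</a></li> |
| <li><a href="https://www.apache.org/licenses/" target="external" rel="noopener">License</a></li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </footer> |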
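| <footer class="footer2" id="footerRights"> |
| <div class="container"> |
| <div class="row"> |
| <div class="span12"> |
| <!-- Copyright and trademark notice. Both links open in the named "external" window and carry rel="noopener", which browsers imply only for target="_blank". --> |
| <p> |
| Copyright © 2023 The Apache Software Foundation. |
| <a href="https://www.apache.org/licenses/" target="external" rel="noopener">Licensed under the Apache License, Version 2.0</a>.<br> |
| Apache OFBiz, OFBiz, the project logo and the Apache feather logo are trademarks of <a href="https://www.apache.org/" target="external" rel="noopener">The Apache Software Foundation.</a> |
| </p> |
| </div> |
| </div> |
| </div> |
| </footer> |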
| <!-- footer --> |
| </div> |
| <!-- globalWrapper --> |
| <!-- Page scripts, all relative same-origin paths with no async or defer, so they execute in the order listed: respond.js, jQuery and its migrate and browser shims, Bootstrap, the jQuery plugins, then the site's own custom.js. --> |
| <!-- NOTE(review): jQuery 1.12.4 and jquery-migrate 1.0.0 belong to the 1.x line, which no longer receives fixes; plan an upgrade and retest the plugins loaded after them. --> |
| <script src="js/plugins/respond/respond.min.js"></script> |
| <script src="js/jquery-1.12.4.min.js"></script> |
| <script src="js/jquery-migrate-1.0.0.min.js"></script> |
| <script src="js/plugins/jquery-browser-plugin/jquery.browser.min.js"></script> |
| <!-- Bootstrap and third-party jQuery plugins --> |
| <script src="bootstrap/js/bootstrap.js"></script> |
| <script src="bootstrap/js/bootstrap-carousel.js"></script> |
| <script src="js/plugins/easing/jquery.easing.1.3.js"></script> |
| <script src="js/plugins/pretty-photo/js/jquery.prettyPhoto.js"></script> |
| <script src="js/plugins/hoverdir/jquery.hoverdir.js"></script> |
| <!-- Slider (rs-plugin) --> |
| <script src="js/plugins/rs-plugin/js/jquery.themepunch.plugins.min.js"></script> |
| <script src="js/plugins/rs-plugin/js/jquery.themepunch.revolution.min.js"></script> |
| <!-- Site script --> |
| <script src="js/custom.js"></script> |
| <!-- Matomo --> |
| <script> |
| /* Matomo analytics bootstrap: commands are queued on window._paq and the tracker script is then injected asynchronously from analytics.apache.org. */ |
| var _paq = window._paq = window._paq || []; |
| /* Queue order matters: configuration calls such as "setCustomDimension" belong before "trackPageView". */ |
| /* Cookie tracking is switched off explicitly to avoid privacy issues. */ |
| _paq.push(['disableCookies']); |
| _paq.push(['trackPageView']); |
| _paq.push(['enableLinkTracking']); |
| (function () { |
| var trackerBase = "https://analytics.apache.org/"; |
| _paq.push(['setTrackerUrl', trackerBase + 'matomo.php']); |
| _paq.push(['setSiteId', '21']); |
| /* Insert the tracker ahead of the first script element in the document. */ |
| var loader = document.createElement('script'); |
| var firstScript = document.getElementsByTagName('script')[0]; |
| loader.async = true; |
| loader.src = trackerBase + 'matomo.js'; |
| firstScript.parentNode.insertBefore(loader, firstScript); |
| })(); |
| </script> |
| <!-- End Matomo Code --> |
| </body> |
| </html> |