Sub-task
- [OFBIZ-11407] – Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)
- [OFBIZ-11948] – Remote Code Execution (File Upload) Vulnerability
- [OFBIZ-12539] – Upgrade Tomcat from 9.0.54 to 9.0.58
- [OFBIZ-12549] – [SECURITY] CVE-2022-23437: Infinite loop within Apache XercesJ xml parser
- [OFBIZ-12558] – Possible authenticated attack related to Tomcat CVE-2020-1938
- [OFBIZ-12573] – CLONE – [SECURITY] Upgrade Tika to 1.28.1
- [OFBIZ-12582] – Prevent post-Auth vulnerability: FreeMarker Bypass
- [OFBIZ-12584] – Stored XSS in webappPath parameter from content/control/EditWebSite
- [OFBIZ-12592] – Prevent possible DOS attack done using Java deserialisation
- [OFBIZ-12594] – Prevent Freemarker interpolation in fields
- [OFBIZ-12626] – [SECURITY] Upgrade Tika to 1.28.3
- [OFBIZ-12656] – Update Solr and Lucene from 8.11.1 to 8.11.2 for security reason
- [OFBIZ-12657] – [SECURITY] Upgrade Tika to 1.28.4
Bug
- [OFBIZ-11429] – Setting VIEW-INDEX to 0, when not initialised in ForumScreens.xml#Showforum “New Message” Link
- [OFBIZ-12097] – Date picker not initialised in ajax-called form
- [OFBIZ-12178] – ModelInduceFromDb does not show entity relations.
- [OFBIZ-12264] – Multiple Facility Inventory reservation does not consider store facility thru date
- [OFBIZ-12359] – ProductFacility on ecommerce listing product issue
- [OFBIZ-12455] – Product inventory reservation places orders if quantityNotReserved !=0 and requireInventory=Y
- [OFBIZ-12466] – Solr generates an error
- [OFBIZ-12478] – Screen Xml renderer failed on renderContainer[Begin,End] ftl macro
- [OFBIZ-12485] – AssetMaint not accessible by user with ‘VIEW’ permission
- [OFBIZ-12505] – Wrong Field Name Definition in RequirementForms
- [OFBIZ-12548] – placeholder text has been implemented but seems to do nothing
- [OFBIZ-12550] – Manufacturing Jobshop find screen by default does not show all production runs
- [OFBIZ-12552] – View for ViewBinaryDataResource missing
- [OFBIZ-12555] – default-field-type hidden doesn’t works for auto-fields-service
- [OFBIZ-12571] – Groovy denied list bypass causes post-auth RCE from webtools/control/ProgramExport
- [OFBIZ-12595] – Test run was unsuccessful because of failing solr tests
- [OFBIZ-12600] – Solr requires application/x-www-form-urlencoded
- [OFBIZ-12602] – XML Import fails due to security check
- [OFBIZ-12603] – In place editor wrong enable on display field
- [OFBIZ-12618] – German Translation – Inv. Nr.
- [OFBIZ-12619] – Required field not working on upload type form
- [OFBIZ-12625] – Webtools Service Logs ‘Service Name’ column always empty
- [OFBIZ-12635] – Add missing notification tag in services xsd file
- [OFBIZ-12636] – Unable to upload a file through ecommerce, but if i move the same menu to Webtools,Its working.
- [OFBIZ-12685] – Content tag in a screen does not display correctly images
Improvement
- [OFBIZ-6065] – Data of tenant specific component gets loaded in all instances
- [OFBIZ-6066] – Tenant specific components are visible/accessible in any tenant instance
- [OFBIZ-12589] – Update to Tomcat 9.0.60
- [OFBIZ-12590] – Update to log4j 2.17.2
- [OFBIZ-12599] – In UtilHttp, for regex processing of urls, replace Java regexp with RE2J
- [OFBIZ-12632] – German Translation – Category
- [OFBIZ-12670] – Make loading of data containing urls configurable
转自 Index of /ofbiz (apache.org)
Linuxeden开源社区
apache-ofbiz-18.12.06.zip 2022-09-01 10:24 31M
apache-ofbiz-18.12.06.zip.asc 2022-09-01 10:24 842