...
In any cases, always check that your version is up to date, see the . Get tothe "Security Vulnerabilities" section at https://ofbiz.apache.org/download.html. page at bottom of the OFBiz site. If you use the trunk be sure to closely follow JIRA issues and revisions commits regarding security and check
Jira | ||||||
---|---|---|---|---|---|---|
|
...
Currently we have no known Java vulnerabilities in OFBiz code. There are some vulnerable third parties libraries. Fortunately it's not high vulnerabilities. You can know more by looking at the last report file. We use the OWASP Dependency Check to check third parties libraries OFBiz uses.This page explains how to use it and to share results: About OWASP Dependency Check
JavaScript
For JavaScript: Retire.js see this page: About retire.js
...