...
You can trust the Apache OFBiz PMC Members and Committers: we do our best to keep OFBiz secure. But despite our best efforts we might sometimes overlook a security issue. In such cases, as explained at https://ofbiz.apache.org/download.html, we strongly encourage OFBiz users to report security problems affecting OFBiz to the private security mailing list of the ASF Security Team before disclosing them in a public forum. Please see the page of the ASF Security Team for further information and contact details. Also, in case of doubt, refer to the current page, where quick fixes not yet released might be explained.
Though it may not be totally complete, you might refer to
Jira
...
Warning: Until we update the Groovy library, we recommend that you have a look at http://svn.apache.org/viewvc?view=revision&revision=1717058 and use the start-secure ant target rather than the start one, or any of the other possibilities offered by OFBIZ-6568 (startofbiz.sh/bat, etc). Actually it's just a matter of passing "-javaagent:pathTo/contrast-rO0.jar" in your starting script. Also, to have a historical view on OFBiz security you can refer to
...