This is still a WIP page, but be sure to read at least the "Be safe" warning.

...

What is this page about?

This page is about security as in "external security". In other words, it is not about authentication or authorisation; for that, refer to OFBiz Security Permissions.
It is about keeping your OFBiz instance secure from external exploits, and preventing vulnerabilities as soon as they are known.

You can trust the Apache OFBiz PMC Members and Committers; we do our best to keep OFBiz secure. But despite our best efforts, we might sometimes overlook a security issue. In such cases, as explained at https://ofbiz.apache.org/download.html, we strongly encourage OFBiz users to report security problems affecting OFBiz to the private security mailing list of the ASF Security Team before disclosing them in a public forum. Please see the page of the ASF Security Team for further information and contact information. Also, in case of doubt, refer to the current page, where quick fixes not already released might be explained.

...

Warning: Be safe!
Be sure to read The infamous Java serialize vulnerability page if you use RMI, JMX, Spring or any other external libraries within your OFBiz instance.

Who is concerned?

Roughly there are 3 categories of OFBiz users:

...