Comment: Some minor textual corrections.

...

You can trust the Apache OFBiz PMC Members and Committers to do their best to keep OFBiz secure. But despite our best efforts we might sometimes overlook a security issue. In such cases, as explained at https://ofbiz.apache.org/download.html, we strongly encourage OFBiz users to report security problems affecting OFBiz to the private security mailing list of the ASF Security Team before disclosing them in a public forum. Please see the page of the ASF Security Team for further information and contact details. Also, in case of doubt, refer to the current page, where quick fixes not yet released might be explained.

Also, you should update your release version as soon as a security update is mentioned at https://ofbiz.apache.org/download.html#vulnerabilities.
Another option is to use a release branch rather than a released package. As soon as the release branch contains the security update, you just have to "svn up" your reference working copy and apply it in production...

...

  1. Those who use OFBiz only internally, without any connection to the Internet; most of the time only the OFBiz backend is then used. They should be the least concerned.
    But this category tends to be less and less represented. Nowadays most organisations need to be connected somehow.
  2. Users working in a secured environment, notably behind firewalls and proxies. They have less to fear from security vulnerabilities. But you can never be sure; black hat hackers are always trying...
  3. Users working in a less secure environment, for instance using the Out Of The Box (OOTB) OFBiz ecommerce/ecomseo solutions with direct access to them from the Internet.

...

Now you might wonder how to keep your own OFBiz instance safe from vulnerabilities and maybe contribute your experience to other OFBiz users. Having worked on OFBiz security for a few years, these are the tools I (Jacques Le Roux) personally recommend. For each, a specific page explains how it works and how to share your results.

...