Improved: Allow to use GroovyDsl in FlexibleStringExpander (OFBIZ-13133) #839
Commits on Oct 10, 2024
-
Improved: Allow to use GroovyDsl in FlexibleStringExpander (OFBIZ-13133)
Second improvement on this functionality with increase the security by analyse each script to control the presence of potential code injection. The regexp to control is a property: security.deniedScriptletsTokens. If a script match the regexp, OFBiz raise in log an alert with the script and the script hash. The script is disabled and can't run. If you have a safe script who is matched by the regexp, you can add the hash given by OFBiz on the property: security.allowedScriptletHashes
-
Update framework/base/src/main/java/org/apache/ofbiz/base/util/Script…
…Util.java Co-authored-by: Gil Portenseigne <[email protected]>
-
Update framework/base/src/main/java/org/apache/ofbiz/base/util/Script…
…Util.java Co-authored-by: Gil Portenseigne <[email protected]>
-
Update framework/base/src/main/java/org/apache/ofbiz/base/util/Script…
…Util.java Co-authored-by: Gil Portenseigne <[email protected]>
-
Update framework/base/src/main/java/org/apache/ofbiz/base/util/Script…
…Util.java Co-authored-by: Gil Portenseigne <[email protected]>
-
Update framework/base/src/main/java/org/apache/ofbiz/base/util/Script…
…Util.java Co-authored-by: Gil Portenseigne <[email protected]>
Commits on Oct 11, 2024
-
Improved: Allow to use GroovyDsl in FlexibleStringExpander (OFBIZ-13133)
Improve reg exp to support more possible code injection
-
Improved: Allow to use GroovyDsl in FlexibleStringExpander (OFBIZ-13133)
Improve reg exp to support more possible code injection
-
