www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacopo Cappellato <jaco...@apache.org>
Subject [ANNOUNCE] Apache OFBiz 12.04.02 released
Date Sat, 20 Jul 2013 16:01:00 GMT
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 12.04.02".

Apache OFBiz is an open source enterprise automation software project (ERP, CRM, E-Business
/ E-Commerce, MRP, SCM, CMMS/EAM...):

http://ofbiz.apache.org/

"Apache OFBiz 12.04.02" is a bug fix release for the 12.04 series; all users of "Apache OFBiz
12.04.01" release are encouraged to upgrade to this latest release because the new release
contains several bug fixes including fixes for the following security vulnerabilities: 

CVE-2013-2137 - XSS vulnerability in the "View Log" screen of the OFBiz Webtools application
CVE-2013-2250 - Nested expression evaluation allows remote users to execute arbitrary UEL
functions in OFBiz

See also:

http://ofbiz.apache.org/download.html#vulnerabilities

The release file can be downloaded following the instructions in the OFBiz download page :

http://ofbiz.apache.org/download.html

The OFBiz Team.
Mime
View raw message