Skip to content

Commit 8fdabf3

Browse files
committed
Improved: we no longer use the notion of pre-auth and post-auth
We rather use the security policy detailed at https://ofbiz.apache.org/security.html
1 parent fd6a3b8 commit 8fdabf3

1 file changed

Lines changed: 8 additions & 10 deletions

File tree

README.adoc

Lines changed: 8 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -187,16 +187,6 @@ In case of problems visit our link:#further-reading[Further reading section].
187187
[[security]]
188188
== Security
189189

190-
* If you find a pre-auth security issue, please report it to: security @ ofbiz.apache.org.
191-
Once proper mitigations to the security issues are complete the OFBiz team will
192-
disclose this information to the public mailing list.
193-
* If you find a post-auth security issue, please https://s.apache.org/dsj2p[create a bug in our issue tracker (Jira)] .
194-
195-
* If you want to use AJP on a non localhost OFBiz instance, you need to set the value of allowedRequestAttributesPattern
196-
in framework/catalina/ofbiz-component.xml
197-
198-
You can find more information about security in OFBiz at
199-
https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure[Keeping OFBiz secure]
200190

201191
[CAUTION]
202192
====
@@ -205,6 +195,14 @@ In production never use the credentials contained in demo data. Not only the adm
205195
Also we recommend to not use Windows Server in production because we are not supporting specific Windows related security issues.
206196
====
207197

198+
* If you want to use AJP on a non localhost OFBiz instance, you need to set the value of allowedRequestAttributesPattern
199+
in framework/catalina/ofbiz-component.xml
200+
201+
202+
You can find more information about security in OFBiz at
203+
https://ofbiz.apache.org/security.html[the official security page]
204+
205+
208206
[[build-system-syntax]]
209207
== Build system syntax
210208

0 commit comments

Comments
 (0)