Release Notes 17.12.05

Apache OFBiz® 17.12.05, released in January 2021, is the fifth and final release of the 17.12 series, which has been stabilized since December 2017.

Sub-task

  • [OFBIZ-11840] - Reflected XSS in content component
  • [OFBIZ-11871] - Server-Side Template Injection using Static
  • [OFBIZ-12055] - Prevent possible post-auth RCE from webtools/control/ProgramExport
  • [OFBIZ-12057] - Prevent arbitrary file write using webtools/control/EntitySQLProcessor.
  • [OFBIZ-12080] - Secure the uploads
  • [OFBIZ-12096] - Post-auth XSS vulnerability at catalog/control/EditProductPromo
  • [OFBIZ-12098] - Make ruleName field in PriceForms.xml#AddPriceRules safe

Bug

  • [OFBIZ-7249] - Error on removing scrum members
  • [OFBIZ-8302] - Sorting of lists generates undesired results
  • [OFBIZ-9687] - Bug in order manager main page when using Arab language
  • [OFBIZ-9901] - Unable to create event in SFA component
  • [OFBIZ-10302] - Display/functionality improvement in findParty of OOTB regarding classification group
  • [OFBIZ-10532] - Default value flags not working for configurable and variant products at the time of order entry
  • [OFBIZ-10536] - Giant Widget with variant explosion: a "Select Unit of Measure" dropdown box appears with no reason.
  • [OFBIZ-10669] - Getting Insecure connection error while navigating from product link
  • [OFBIZ-10834] - Uploading image to data resource
  • [OFBIZ-11168] - Issue in creating promotion action
  • [OFBIZ-11582] - Required fields for party content upload are not checked
  • [OFBIZ-11734] - View Image button on order view page fails to render the image
  • [OFBIZ-11735] - Product link on Order confirmation page is not responding
  • [OFBIZ-11788] - Edit button(s) are shown for shipments received or shipped
  • [OFBIZ-11838] - One page checkout is broken because of ordermgr::getAssociatedStateList
  • [OFBIZ-11881] - Wrong image name in css
  • [OFBIZ-11906] - product summary looks bad in the promotion products list
  • [OFBIZ-11910] - product summary cards don't have uniform height
  • [OFBIZ-11920] - Distorted Final Checkout Review page when Credit card is selected as Payment option
  • [OFBIZ-11971] - Incorrect data for InvoiceItemTypeMap and ReturnItemTypeMap
  • [OFBIZ-11972] - wrong quote marks
  • [OFBIZ-11976] - svg files not removed on clean
  • [OFBIZ-11977] - multiflex css is linking to wrong location
  • [OFBIZ-11978] - "cart" should be "card"
  • [OFBIZ-11984] - MessagingException in sendShipmentScheduledNotification service
  • [OFBIZ-11993] - display/selection of unit of measure is broken/plugins
  • [OFBIZ-12014] - Error while decoding url parameters with percent character
  • [OFBIZ-12019] - variant product selection trashes image
  • [OFBIZ-12023] - Label issue on List Companies page
  • [OFBIZ-12026] - Hyperlink title under form widget doesn't support character encoding for special characters
  • [OFBIZ-12039] - Flexible reports use an old noNamespaceSchemaLocation
  • [OFBIZ-12044] - Issue: Displaying company and product information at product backlog, subcomponent of Scrum Application
  • [OFBIZ-12045] - Single product tile is displayed on one row in product search
  • [OFBIZ-12050] - NotSerializableException using uploadPartyContentFile service
  • [OFBIZ-12066] - init-gradle-wrapper.sh fails to install wrapper files using wget
  • [OFBIZ-12078] - Remove hardcoded product category on CategoryWorker.getCatalogTopCategory
  • [OFBIZ-12082] - Unique form names for promo actions
  • [OFBIZ-12087] - Lucene TopScoreDocCollector::create wrong call the 2 in Search.groovy scripts
  • [OFBIZ-12100] - Gradle build of 17.12.04 crashes on Centos 8
  • [OFBIZ-12101] - partymgr fails to upload image

Improvement

  • [OFBIZ-9254] - Inconsistent String Comparisons
  • [OFBIZ-9978] - Upgrade jQuery 1.11.0 to jQuery 3.2.1
  • [OFBIZ-11882] - Rename a few map files
  • [OFBIZ-11891] - Hard coded label in ProductUomDropDownOnly
  • [OFBIZ-11892] - Add missing jGrowl map file
  • [OFBIZ-11950] - Add a title to Javadoc overview
  • [OFBIZ-12029] - Handle special characters like single quote in Freemarker template (prevent encoding)
  • [OFBIZ-12067] - Update IND Geo data as per 2020-11-24 notification
  • [OFBIZ-12085] - Gradle logging hygiene