Release Notes 17.12.03

Apache OFBiz® 17.12.03, released in 2020-04-27, is the third release of the 17.12 series, that has been stabilized since December 2017.

Sub-task

  • [OFBIZ-11195] - XML Entity Injection in webtools/control/entityImport
  • [OFBIZ-11197] - Arbitrary Code Execution
  • [OFBIZ-11470] - Ensure that the SameSite attribute is set to 'strict' for all cookies. (CVE-2019-0235)
  • [OFBIZ-11477] - Improve Web Content Caching
  • [OFBIZ-11583] - Prevent Host Header Injection (CVE-2019-12425)

Bug

  • [OFBIZ-11534] - Error in uploading very large files, ie >2MB
  • [OFBIZ-11597] - Error removing an uploaded party content
  • [OFBIZ-11601] - Build failed due to gradle-svntools-plugin dependency
  • [OFBIZ-10800] - Unable to remove items from onePageCheckout screen of ecommerce
  • [OFBIZ-11246] - The createTaskContent request does not work
  • [OFBIZ-11400] - Product Images not rendering on One Page Checkout
  • [OFBIZ-11441] - createMissingCategoryAndProductAltUrls service misses a transaction
  • [OFBIZ-11448] - Potential Nullpointer in ErrorPage.ftl
  • [OFBIZ-11451] - ofbiz-plugins repo does not have our license

Improvement

  • [OFBIZ-11437] - Add 2020 version of Incoterms
  • [OFBIZ-11475] - AjaxAutocompleteOptions should be able to decode return values