Release Notes 24.09.02

Apache OFBiz® 24.09.02, released in August 2025, is the second release of the 24.09 series, which has been feature-frozen since September 2024, receiving only bug fixes.

Sub-task

• [OFBIZ-13264] - [SECURITY] Several CVEs in Apache Tomcat
• [OFBIZ-13275] - [SECURITY] Several CVEs in Apache Tomcat

Bug

• [OFBIZ-13222] - Error viewing entities with fromDate key in entity maintenance
• [OFBIZ-13223] - Error rendering included form "MandatoryWorkEfforts" when approving parent production run
• [OFBIZ-13225] - ClassCastException on PO Receipt in OFBiz - GStringImpl cannot be cast to String
• [OFBIZ-13226] - Error When Adding Actual Material After Confirming Production Run in OFBiz
• [OFBIZ-13229] - [SECURITY] Several CVEs in Apache Tomcat
• [OFBIZ-13231] - Ajax request fail on restful page
• [OFBIZ-13254] - ArithmeticException when producing inventory with general cost set on routing task
• [OFBIZ-13258] - Update communication event failed if statusId is null
• [OFBIZ-13265] - Update Apache commons-fileupload to last version (CVE-2025-48976)
• [OFBIZ-13268] - Fix ClassCastException in EntityConditionBuilder.createNode when using EntityFunction keys
• [OFBIZ-13270] - Incorrect service call for internal requirement may trigger unnecessary production runs
• [OFBIZ-13274] - Viewing records in Webtools/Entity Data Management got broken
• [OFBIZ-13279] - Bugfix-ScreenFopViewHandler-check-adding-PDFEncryption
• [OFBIZ-13224] - Support visual-editor-buttons attribute on textareas
• [OFBIZ-13276] - [SECURITY] CVE-2025-54466 RCE Vulnerability in scrum plugin