Security

Security Vulnerabilities

We strongly encourage OFBiz users to report security problems affecting OFBiz to the private security mailing lists (either security@ofbiz.apache.org or security@apache.org) before disclosing them in a public forum.

Please see the ASF Security Team webpage for further information about reporting a security vulnerability as well as their contact information.

You might be interested in our Keeping OFBiz secure wiki page.

List of Known Vulnerabilities

  • CVE-2018-17200; affected releases: from 16.11.01 to 16.11.05; fixed in 16.11.06 with revisions 1850017, 1850019.
  • CVE-2019-0189; affected releases: from 16.11.01 to 16.11.05; fixed in 16.11.06 with revisions specified in OFBIZ-10770, OFBIZ-10837.
  • CVE-2019-10073; affected releases: from 16.11.01 to 16.11.05; fixed in 16.11.06 with revisions 1858438, 1858543, 1860595, 1860616.
  • CVE-2019-10074; affected releases: from 16.11.01 to 16.11.05; fixed in 16.11.06 with revision 1858533.
  • CVE-2018-8033; affected releases: from 16.11.01 to 16.11.04; fixed in 16.11.05 with revisions 1833708, 1836141.
  • CVE-2011-3600; affected releases: from 16.11.01 to 16.11.04; fixed in 16.11.05 with revisions 1833724, 1833708, 1836141.
  • CVE-2017-15714; affected releases: from 16.11.01 to 16.11.03; fixed in 16.11.04 with revision 1759065
  • CVE-2016-6800; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01 with revisions 1759065 and 1759218
  • CVE-2016-4462; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01 with revisions 1761978, 1761986 and 1761987
  • CVE-2016-2170; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06
  • CVE-2015-3268; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06
  • CVE-2014-0232; affected releases: 12.04.03 and earlier versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04 and 11.04.05
  • CVE-2013-2250; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06
  • CVE-2013-2137; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06
  • CVE-2013-0177; affected releases: 11.04.01, 10.04.04 and earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05
  • CVE-2012-3506; affected releases: 10.04.02, 10.04 (10.04.01); fixed in 10.04.03
  • CVE-2012-1622; affected releases: 10.04 (10.04.01); fixed in 10.04.02
  • CVE-2012-1621; affected releases: 10.04 (10.04.01); fixed in 10.04.02
  • CVE-2010-0432; affected releases: 09.04; fixed in 09.04.01

Copyright © 2019 The Apache Software Foundation. Licensed under the Apache License, Version 2.0.
Apache OFBiz, OFBiz, the project logo and the Apache feather logo are trademarks of The Apache Software Foundation.