Apache OFBiz News - April 2020
Welcome to our regular monthly round-up of OFBiz news. This month we
share with you details of our usual list of features, improvements and
statistics.
OFBiz Statistics
Apache Kibble tracks some Apache OFBiz community statistics on its
demo instance, so we have highlighted a few of our stats for the last
month:
- JIRA Issue Tracker: 52 issues were opened and 59 issues were closed (6 different people helped to close these issues)
- Code Change and Commit Activity:
  - Framework: 130 commits to the code base that changed 30,425 lines of code (6 committers were active)
  - Plugins: 9 commits to the code base that changed 7,528 lines of code (2 committers were active)
- Mailing Lists:
  - Dev: 237 emails sent and 51 topics discussed (48 different people)
  - User: 96 emails sent and 22 topics discussed (29 different people)
New features and improvements
Functional enhancements and improvements as well as updates of third party libraries and source code refactoring:
Framework
- Decodes AjaxAutocompleteOptions return value (GitHub Link)
- Sets 'auth' to true for request urls used for Application components (GitHub Link)
- Adds unit testing, using JMockit, to ensure that form macros are rendered using ids from ModelFormField#getCurrentContainerId
- Adds license header to MacroFormRendererTest (GitHub Link)
- Styles alignment properties (GitHub Link)
- Unifies style application
- Extends gitignore by upload's sub folder (GitHub Link)
- Implements the pretty print for keyword search (GitHub Link)
- Adds type="text/css" on a link element of Header.ftl (GitHub Link)
- Improves web content caching (GitHub Link)
- Converts PartyPermissionServices.xml from mini lang to groovy (OFBIZ-11433)
- Marks a row of class CsrfUtil to be removed with OFBIZ-11229 (GitHub Link)
- Removes rawtype in class RequestHandler (GitHub Link)
- Provides POC for CSRF Token (OFBIZ-11306)
- Replaces 'module' by 'MODULE' everywhere (GitHub Link)
- Follows checkstyle conventions in files committed for CSRF token defense (GitHub Link)
- Converts OrderReturnService.xml from mini lang to groovy (OFBIZ-11442)
- Converts createPayment service from mini lang to groovy
- Moves '10 seconds' comments from security.properties to class CommonEvents (GitHub Link)
- Adds security.internal.sso.enabled and security.token.key SystemProperties
- Adds more token expire time to compensate for possible time difference (GitHub Link)
- Removes TODO, that is not required anymore (GitHub Link)
- Updates tasks.checkstyleMain.maxErrors
- Converts createContentAlternativeUrl service from mini lang to groovy (GitHub Link)
- Updates dependencycheck to last version (GitHub Link)
- Increases the size of http.upload.max.sizethreshold (GitHub Link)
Plugins
- Adds the meta CSRF token for Ajax (GitHub Link)
- Provides POC for CSRF Token (GitHub Link)
- Replaces 'module' by 'MODULE' everywhere (GitHub Link)
Bugfixes
Functional and technical bugfixes:
Framework
- Ensures that the SameSite attribute is set to 'strict' for all cookies
- Fixes: Specified key was too long; max key length is 767 bytes for ProductPromoCodeEmail entity (OFBIZ-5426) (#44)
- Fixes a ProductPromoCodeEmail foreign key name (GitHub Link)
- Fixes: The createTaskContent request does not work (GitHub Link)
- Corrects path to ftpAddress services in services_contact of party component (OFBIZ-11359)
- Corrects path to ftpAddress services in services of party component (OFBIZ-11359)
- Fixes: Prevent Host Header Injection (CVE-2019-12425) (GitHub Link)
- Fixes a Javadoc issue (GitHub Link)
- Fixes missing default NoCsrfDefenseStrategy in Header.ftl files (OFBIZ-11306)
- Updates checkstyleMain.maxErrors to fit with Buildbot report
- Fixes: 'entity/list' request is not handled well
- Fixes: 'FindJob' generates an error (GitHub Link)
- Fixes: Error in uploading very large files, i.e. >2MB
- Fixes: Error removing an uploaded party content (GitHub Link)
- Fixes: Exception error reflecting while eCommerce quick checkout and ordermgr checkout (OFBIZ-11506)
Documentation
Framework
- Adds the download-the-gradle-wrapper section (GitHub Link)
- Adds CSRF defense and updates password and JWT (GitHub Link)
- Improves security.properties documentation (GitHub Link)