Skip to:
In a project we worked for a bank they made a security test with "HP Fortify WebInspect"
The tool reported many vulnerabilities - most of them found on the webstore.
As this piece of code is not relevant for the ERP itself, is unmaintained and representing a security risk, it must not be installed by default.
Proposal here is to move it to an external installable plugin.
Solved with https://idempiere.atlassian.net/browse/IDEMPIERE-4168#icft=IDEMPIERE-4168
MajorMajorMajor
In a project we worked for a bank they made a security test with "HP Fortify WebInspect"
The tool reported many vulnerabilities - most of them found on the webstore.
As this piece of code is not relevant for the ERP itself, is unmaintained and representing a security risk, it must not be installed by default.
Proposal here is to move it to an external installable plugin.