Zero-day authentication bypass vulnerability discovered in Apache OFBiz ERP system

Here’s an interesting article on an OfBiz security vulnerability: https://alternativeto.net/news/2023/12/zero-day-authentication-bypass-vulnerability-discovered-in-apache-ofbiz-erp-system/

It looks like it was fixed with this commit: Replaced direct null checks on username, password, and token with Uti… · apache/ofbiz-framework@fb51a0e · GitHub

Just thought I’d share. Make sure to update your OfBiz instances if you haven’t already