Here’s an interesting article on an OfBiz security vulnerability: https://alternativeto.net/news/2023/12/zero-day-authentication-bypass-vulnerability-discovered-in-apache-ofbiz-erp-system/
It looks like it was fixed with this commit: Replaced direct null checks on username, password, and token with Uti… · apache/ofbiz-framework@fb51a0e · GitHub
Just thought I’d share. Make sure to update your OfBiz instances if you haven’t already