Fixed: Disable the Birt component in all branches (including trunk) because of CVE-2022-25371 (OFBIZ-12824)

See https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq

No patches were provided because only 18.12.06 was concerned so far

Conflicts handled by hand birt/src/docs/asciidoc/birt.adoc

Author: JacquesLeRoux

birt/ofbiz-component.xml

@@ -18,7 +18,11 @@ specific language governing permissions and limitations
 under the License.
 -->
 
-<ofbiz-component name="birt" enabled="true"
+<!--
+   Warning: before you enable this component please read:
+https://cwiki.apache.org/confluence/display/OFBIZ/Using+BIRT+with+OFBiz
+-->
+<ofbiz-component name="birt" enabled="false"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="https://ofbiz.apache.org/dtds/ofbiz-component.xsd">
     <resource-loader name="main" type="component"/>
@@ -42,7 +46,7 @@ under the License.
     <entity-resource type="model" reader-name="main" loader="main" location="entitydef/ServiceReportsView.xml"/>
 
     <service-resource type="model" loader="main" location="servicedef/services.xml"/>
-   
+
     <!-- this overrides the accounting, facility and order applications in order to use Birt in these applications -->
     <webapp name="accounting"
         title="Accounting"

birt/src/docs/asciidoc/birt.adoc

@@ -18,7 +18,14 @@ under the License.
 ////
 = Birt Apache OFBiz® plugin
 The Apache OFBiz Project
-Release 17.12
+
+
+[CAUTION]
+====
+By default the Birt plugin is disabled for security reason, see the Birt ofbiz-component.xml file for more info.
+
+====
+
 :imagesdir: ./images
 ifdef::backend-pdf[]
 :title-logo-image: image::OFBiz-Logo.svg[Apache OFBiz Logo, pdfwidth=4.25in, align=center]