Javascript libraries nested in Odoo source code #1834
Comments
|
Bundling a library in Odoo doesn't mean the vulnerability can be used, as you should know the use of such library inside Odoo. Simply having an outdated library version and checking the list of "updates" is not enough. Anyway, if you find a real security exploit, you should notify to Odoo in security at odoo dot com. |
|
@pedrobaeza thanks for your input. For me, these possible vulnerabilities are similar to a live virtual machine with missing updates. Also, there is a question of compliance of the system for insurances. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
Hello, I have read the following discussion about managing external javascript libraries in OCA modules:
#842
The diverse opinions are interesting and illustrate well the problem we are facing with Odoo.
Odoo keeps outdated versions of multiple javascript libraries. Some very important libraries are outdated by more than 6 years.
https://github.com/odoo/odoo/tree/14.0/addons/web/static/lib
We have a client reporting javascript vulnerabilities by a security firm. This firm was mandated with auditing our client's website (a Odoo website/ecommerce).
My questions are:
The text was updated successfully, but these errors were encountered: