We have a client reporting JavaScript vulnerabilities by a security firm. This firm was mandated with auditing our client's website (an Odoo website/ecommerce).
My questions are:
What do you think is the actual risk introduced by these libraries?
How do you mitigate these vulnerabilities in your Odoo installations?
Bundling a library in Odoo doesn't mean the vulnerability can be used, as you should know the use of such a library inside Odoo. Simply having an outdated library version and checking the list of "updates" is not enough. Anyway, if you find a real security exploit, you should notify Odoo at security at odoo dot com.
For me, these possible vulnerabilities are similar to a live virtual machine with missing updates.
Also, there is a question of compliance of the system for insurance.
I am not an expert on insurance, but it is important for our client to comply with audit reports and patch the system in order to insure his company.
Hello, I have read the following discussion about managing external JavaScript libraries in OCA modules:
#842
The diverse opinions are interesting and illustrate well the problem we are facing with Odoo.
Odoo keeps outdated versions of multiple JavaScript libraries. Some very important libraries are outdated by more than 6 years.
https://github.com/odoo/odoo/tree/14.0/addons/web/static/lib