Axel Braun
2018-03-08 21:44:58 UTC
Dear all,
please be aware that there is a security issue with Tryton Sao, the web client
of the Tryton ERP platform.
Sao is based on jQuery 2.x, which is not maintained anymore [1].
The developers of jQuery state:
<quote>
jQuery 2.x is no longer maintained and contains vulnerabilities that could
lead to security issues in add-ons
</quote>
The issue that sao is based on in between unmaintained and unsecure software
components was discussed, but is unsolved up to now [2] .
As all versions of sao including Tryton 4.6 are affected, there is currently
no migration or upgrade path.
I have disabled the build for sao packages on openSUSE until further notice.
Have a good weekend
Axel
[1] https://bugs.tryton.org/issue7140
[2] https://bugs.tryton.org/issue5925
please be aware that there is a security issue with Tryton Sao, the web client
of the Tryton ERP platform.
Sao is based on jQuery 2.x, which is not maintained anymore [1].
The developers of jQuery state:
<quote>
jQuery 2.x is no longer maintained and contains vulnerabilities that could
lead to security issues in add-ons
</quote>
The issue that sao is based on in between unmaintained and unsecure software
components was discussed, but is unsolved up to now [2] .
As all versions of sao including Tryton 4.6 are affected, there is currently
no migration or upgrade path.
I have disabled the build for sao packages on openSUSE until further notice.
Have a good weekend
Axel
[1] https://bugs.tryton.org/issue7140
[2] https://bugs.tryton.org/issue5925
--
You received this message because you are subscribed to the Google Groups "tryton" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/tryton/25345683.jAfbSBLLbk%40southpole.
You received this message because you are subscribed to the Google Groups "tryton" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/tryton/25345683.jAfbSBLLbk%40southpole.