[Health] Security warning for Tryton-sao
From: Axel Braun
Subject: [Health] Security warning for Tryton-sao
Date: Thu, 08 Mar 2018 22:44:58 +0100
Dear all,
please be aware that there is a security issue with Tryton Sao, the web client
of the Tryton ERP platform.
Sao is based on jQuery 2.x, which is not maintained anymore [1].
The developers of jQuery state:
<quote>
jQuery 2.x is no longer maintained and contains vulnerabilities that could
lead to security issues in add-ons
</quote>
The issue that sao is based on meanwhile unmaintained and insecure software
components was discussed, but is unsolved up to now [2].
As all versions of sao including Tryton 4.6 are affected, there is currently
no migration or upgrade path.
I have disabled the build for sao packages on openSUSE until further notice.
Have a good weekend
Axel
[1] https://bugs.tryton.org/issue7140
[2] https://bugs.tryton.org/issue5925