
[Health] Security warning for Tryton-sao


From: Axel Braun
Subject: [Health] Security warning for Tryton-sao
Date: Thu, 08 Mar 2018 22:44:58 +0100

Dear all,

Please be aware that there is a security issue with Tryton Sao, the web client 
of the Tryton ERP platform.

Sao is based on jQuery 2.x, which is not maintained anymore [1].

The developers of jQuery state:
<quote>
jQuery 2.x is no longer maintained and contains vulnerabilities that could 
lead to security issues in add-ons
</quote>

The issue that sao is based on meanwhile unmaintained and insecure software 
components was discussed, but is unsolved up to now [2].

As all versions of sao including Tryton 4.6 are affected, there is currently 
no migration or upgrade path.

I have disabled the build for sao packages on openSUSE until further notice. 

Have a good weekend
Axel

[1] https://bugs.tryton.org/issue7140
[2] https://bugs.tryton.org/issue5925


