"Please update your systems to take care of a security related bug we found last month. Luis Falcon has found that trytond may log sensitive data like passwords when the logging level is set to INFO. ImpactCVSS v3.0 Base Score: 4.2 Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None Workaround Increasing the logging level above INFO prevents logging of the sensitive data."
"Changes for the User Sales, Purchases and Projects We now use the guest-party for a Shopify order without a known customer which can be updated with the proper party in the admin-panel at a later time. Now we support the orders/edited and orders/cancelled web-hooks from Shopify. New Releases We released bug fixes for the currently maintained long term support series7.0 and 6.0, and for the penultimate series 7.4."
During the last month the project focused on fixing bugs, improving behaviour of features, and speeding up performance, while building on the previous release. An issue tracker and merge requests filtered by label provide an in-depth overview of Tryton issues. For users, Shopify orders without known customers now use a guest-party that can be updated later in the admin panel, and the orders/edited and orders/cancelled webhooks from Shopify are supported. New bug-fix releases were published for long-term support series 7.0 and 6.0 and for series 7.4. A security-related bug was found: trytond may log sensitive data like passwords when logging level is INFO. Increasing the logging level above INFO or upgrading trytond are recommended.
Read at Tryton Discussion
Unable to calculate read time
Collection
[
|
...
]