Newsletter November 2025
Briefly

"Usually we would release the new Tryton version 7.8 in November, but this time we postpone the release. In the last month we focused on fixing bugs, improving the behaviour of things, speeding-up performance issues - building on the changes from our last release. We also added some new features which we would like to introduce to you in this newsletter."
"Brandon Da Costa and Mahdi Afshar have found that sao executes JavaScript included in HTML documents (such as attachments). These documents may be uploaded by any authenticated user. The JavaScript is executed in the same context as sao which gives access to sensitive data such as the session. Impact: CVSS v3.0 Base Score: 7.3; Attack Vector: Network; Attack Complexity: Low; Privileges Required: Low; User Interaction: Required; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: No..."
Tryton postponed the planned November release of version 7.8 to concentrate on bug fixes, behavioral improvements, performance optimizations, and new features. Sales, purchases, and project modules now include product attribute names in line lists and allow filtering by attributes when searching products. Accounting exports use the invoice description for the French FEC file, and the move description EcritureLib is omitted when the move line originates from an invoice. System rules now prevent changing a company's party after creation and require a party to be assigned to only one company. Documentation now clarifies digits and documents the scheduled task for assigning shipments and productions. Bugfix releases were published for series 7.0, 6.0, and 7.4. A security vulnerability in sao that executes JavaScript in uploaded HTML attachments requires immediate updates.
Read at Tryton Discussion