Dear All,

Odoo is very careful and cautious about security, and as the product grows bigger, security becomes even more important and becomes an asset of Odoo in this era of daily-changing technology. We have an update from Odoo, which we are posting here in order to keep track of security updates.

An email from Olivier Dony said:

We have just disclosed 7 important security advisories. Please review them carefully and make sure your on-premise Odoo installations are up-to-date.
- 2016-04a-password-export - User access to secure password hashes - Score: 4.0 https://github.com/odoo/odoo/issues/13175
- 2016-04b-user-write - Modification / Hijack of other user accounts - Score: 7.5 https://github.com/odoo/odoo/issues/13177
- 2016-07a-login-redirect - Cross-site scripting in login redirect - Score: 5.9 https://github.com/odoo/odoo/issues/13179
- 2016-07b-ogone-eval - Arbitrary code execution with Ogone transactions - Score: 7.3 https://github.com/odoo/odoo/issues/13180
- 2016-07c-unsafe-pickle - Stored remote code execution - Score: 5.9 https://github.com/odoo/odoo/issues/13181
- 2016-07d-unsafe-eval - Stored remote code execution - Score: 5.7 https://github.com/odoo/odoo/issues/13182
- 2016-07e-portal-wizard - Privilege escalation via Share Wizard - Score: 7.3 https://github.com/odoo/odoo/issues/13183