Security release for issue12108

Synopsis

A vulnerability in trytond has been found by José Antonio Díaz Miralles (@tiyujopite).
Due to issue12108, the Tryton server does not refresh the authenticated user data but instead uses the values from the first request for as long as the transaction cache lasts.

Resolution

A fix for all supported versions has been released.

Affected versions per supported series:

trytond:
    6.6: <= 6.6.5
    6.4: <= 6.4.12
    6.0: <= 6.0.28

Non-affected versions per supported series:

trytond:
    6.6: >= 6.6.6
    6.4: >= 6.4.13
    6.0: >= 6.0.29

We encourage everyone to upgrade the trytond package to the latest released version.
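To check a deployment against the ranges listed above, the following added example (not part of the original advisory or of Tryton's code) classifies a trytond version string. The function names and the "unlisted" result for series the advisory does not mention are assumptions of this example.

```python
import re
import sys
from importlib import metadata

# First fixed patch release per supported series, copied from this advisory.
FIRST_FIXED = {(6, 6): 6, (6, 4): 13, (6, 0): 29}


def classify(version):
    """Return 'affected', 'fixed' or 'unlisted' for a trytond X.Y.Z version."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not match:
        # Development or otherwise non-release strings are rejected, not guessed.
        raise ValueError(f"unrecognised trytond version: {version!r}")
    major, minor, patch = map(int, match.groups())
    first_fixed = FIRST_FIXED.get((major, minor))
    if first_fixed is None:
        # The advisory only covers supported series; for any other series it
        # makes no statement, so this must not be reported as safe.
        return "unlisted"
    return "affected" if patch < first_fixed else "fixed"


def installed_trytond_version():
    """Return the installed trytond version, or None if it is not installed."""
    try:
        return metadata.version("trytond")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    # Usage: pass a version as the first argument, or run without arguments
    # inside the server's Python environment to inspect the installed package.
    version = sys.argv[1] if len(sys.argv) > 1 else installed_trytond_version()
    if version is None:
        print("trytond is not installed in this environment")
    else:
        print(f"trytond {version}: {classify(version)}")
```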

Reference

Concerns?

Any security concerns should be reported on the bug-tracker (Issues · Tryton / Tryton · GitLab), marking them as confidential.
