Hi everyone,

We have just released version 1.5.3 of Oscar, which is a security release 
that fixes a vulnerability in the way order tracking URLs for anonymous 
checkout orders were generated. The vulnerability could result in privilege 
escalation and unauthorised data access, so projects that allow anonymous 
checkout are highly encouraged to upgrade as soon as possible, and to cycle 
the Django SECRET_KEY setting. Details can be found in the release notes 
here: 
http://django-oscar.readthedocs.io/en/releases-1.6/releases/v1.5.3.html .

We have also issued a release client for version 1.6 of Oscar, the release 
notes for which are here: 
http://django-oscar.readthedocs.io/en/releases-1.6/releases/v1.6.html

Cheers,

Samir

-- 
https://github.com/tangentlabs/django-oscar
http://django-oscar.readthedocs.org/en/latest/
https://twitter.com/django_oscar