Hi everyone,

We have just released version 1.5.3 of Oscar, which is a security release that fixes a vulnerability in the way order tracking URLs for anonymous checkout orders were generated. The vulnerability could result in privilege escalation and unauthorised data access, so projects that allow anonymous checkout are highly encouraged to upgrade as soon as possible, and to cycle the Django SECRET_KEY setting.

Details can be found in the release notes here: http://django-oscar.readthedocs.io/en/releases-1.6/releases/v1.5.3.html

We have also issued a release client for version 1.6 of Oscar, the release notes for which are here: http://django-oscar.readthedocs.io/en/releases-1.6/releases/v1.6.html

Cheers,
Samir

--
https://github.com/tangentlabs/django-oscar
http://django-oscar.readthedocs.org/en/latest/
https://twitter.com/django_oscar