We are currently using the community edition of Odoo, and are looking for up-to-date disclosures of security vulnerabilities affecting Odoo. It seems we have to either search the github page for the Security label, or purchase a subscription in order to view security advisories at odoo dot com. Unfortunately, with the github page, it appears that vulnerabilities are disclosed only once a year. Can anyone with a subscription confirm that the security advisories page at odoo dot com has a more up-to-date report? Not sure why Odoo would make their software open source but put their security advisories behind a paywall...
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- 客戶關係
- e-Commerce
- 會計
- 庫存
- PoS
- Project
- MRP
此問題已被標幟
1
回覆
1359
瀏覽次數
We do have a more up to date report, I can confirm.
We publish vulnerabilities as soon as possible [when the vulnerability has been addressed]
Sometimes when you look at the report it will not show anything (because we've published everything) and at other times it will show something (because we haven't addressed the vulnerability yet)
Ray,
Can you link to this report? Is it the page that requires an enterprise subscription?
The report is only available after entering your subscription code at odoo.com/security-advisories
Is there any other avenue whereby we can check for the latest Odoo vulnerabilities, other than by purchasing an enterprise subscription?
Not that I am aware of.
Might I request that the security advisories page be made public, so that community users are not left in the dark regarding vulnerabilities affecting Odoo?
Sure, you would do that via https://github.odoo/odoo/issues
