A vulnerability in trytond has been found by José Antonio Díaz Miralles (@tiyujopite).
Due to issue12108, the Tryton server does not refresh the authenticated user data but instead uses the values from the first request.
A fix for all supported versions has been released.
Affected versions per supported series:
- trytond:
  - 6.6: <= 6.6.5
  - 6.4: <= 6.4.12
  - 6.0: <= 6.0.28

Non affected versions per supported series:
- trytond:
  - 6.6: >= 6.6.6
  - 6.4: >= 6.4.13
  - 6.0: >= 6.0.29
We encourage everyone to upgrade the trytond package to the latest released version.
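
To check a deployment against the version ranges listed above, the following added example (not part of the advisory or of Tryton's own code) classifies a trytond version string and, when run directly, the locally installed package. The function names are assumptions made for this example, and a series the advisory does not list is reported as `unknown` rather than guessed.

```python
from importlib import metadata

# First fixed patch release per supported series, taken from the advisory.
FIXED_PATCH = {(6, 6): 6, (6, 4): 13, (6, 0): 29}


def parse_version(version):
    """Return (major, minor, patch) from a string such as '6.4.12'."""
    parts = version.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised trytond version: {version!r}")
    return tuple(int(p) for p in parts[:3])


def advisory_status(version):
    """Classify a trytond version as 'affected', 'fixed' or 'unknown'."""
    major, minor, patch = parse_version(version)
    fixed_patch = FIXED_PATCH.get((major, minor))
    if fixed_patch is None:
        # The advisory only covers the 6.6, 6.4 and 6.0 series.
        return "unknown"
    # Compare numerically: '6.0.100' must sort after '6.0.29'.
    return "affected" if patch < fixed_patch else "fixed"


def installed_status():
    """Return (version, status) for the installed trytond, or None."""
    try:
        version = metadata.version("trytond")
    except metadata.PackageNotFoundError:
        return None
    return version, advisory_status(version)


if __name__ == "__main__":
    result = installed_status()
    if result is None:
        print("trytond is not installed in this environment")
    else:
        print("trytond %s: %s" % result)
```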
Any security concerns should be reported on the bug-tracker at Issues · Tryton / Tryton · GitLab marking them as