Security release for issue12108


A vulnerability in trytond has been found by José Antonio Díaz Miralles (@tiyujopite).
Due to issue12108, the Tryton server does not refresh the authenticated user data but instead uses the values from the first request.


A fix for all supported versions has been released.

Affected versions per supported series:

    6.6: <= 6.6.5
    6.4: <= 6.4.12
    6.0: <= 6.0.28

Non affected versions per supported series:

    6.6: >= 6.6.6
    6.4: >= 6.4.13
    6.0: >= 6.0.29

We encourage everyone to upgrade the trytond package to latest released version.



Any security concerns should be reported on the bug-tracker at [Issues · Tryton / Tryton · GitLab) marking them as confidential.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.