Oscar 1.5.3 security release, and Oscar 1.6 release client

Samir Shah

Apr 11, 2018, 7:53:35 AM
to django-oscar
Hi everyone,

We have just released version 1.5.3 of Oscar, which is a security release that fixes a vulnerability in the way order tracking URLs for anonymous checkout orders were generated. The vulnerability could result in privilege escalation and unauthorised data access, so projects that allow anonymous checkout are highly encouraged to upgrade as soon as possible, and to cycle the Django SECRET_KEY setting. Details can be found in the release notes here: http://django-oscar.readthedocs.io/en/releases-1.6/releases/v1.5.3.html .

We have also issued a release client for version 1.6 of Oscar, the release notes for which are here: http://django-oscar.readthedocs.io/en/releases-1.6/releases/v1.6.html

Cheers,

Samir