Oscar 1.5.3 security release, and Oscar 1.6 release client


Samir Shah

11.04.2018, 07:53:35
to django-oscar
Hi everyone,

We have just released version 1.5.3 of Oscar, which is a security release that fixes a vulnerability in the way order tracking URLs for anonymous checkout orders were generated. The vulnerability could result in privilege escalation and unauthorised data access, so projects that allow anonymous checkout are highly encouraged to upgrade as soon as possible, and to cycle the Django SECRET_KEY setting. Details can be found in the release notes here: http://django-oscar.readthedocs.io/en/releases-1.6/releases/v1.5.3.html .

We have also issued a release client for version 1.6 of Oscar, the release notes for which are here: http://django-oscar.readthedocs.io/en/releases-1.6/releases/v1.6.html

Cheers,

Samir