Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ful14 security patches #48

Open
wants to merge 12 commits into
base: ful14
Choose a base branch
from
Open

Ful14 security patches #48

wants to merge 12 commits into from

Conversation

bcbrakelOSI
Copy link

Description of the issue/feature this PR addresses:
This PR applies all of the security patches that were announced for Odoo in December 2021 except for one which may potentially break large object support, or cause other issues. This last patch will be concluded as soon as we have a response from Odoo clarifying what the patch does.

Current behavior before PR:
Security patches have not been applied.

Desired behavior after PR is merged:
Security patches have been applied with no adverse alterations to Odoo's functionality.

mart-e and others added 12 commits February 18, 2022 09:16
@mart-e @bcbrakelOSI
base: correct evaluation context for report rendering
61685d7 
Fix of 57665a0 which was problematic in point_of_sale
@JKE-be @bcbrakelOSI
base: filter assets
6880688 
Partially backport the changes from 49429f9 to file_open to be
able to use it in the assetsbundle
@bcbrakelOSI
base: prevent messing up existing registry
187daff
@tivisse @bcbrakelOSI
ir_demo.py: Force admin access to load demo data
5e406fc 
Only admin users should be able to load demo data, if needed.

This is only possible from the settings dashboard, and thus,
the method could be decorated.

See: c002e2e
@seb-odoo @bcbrakelOSI
mail: fixup of 8af59b9
1a5d7a1 
task-2388659
@AntoineVDV @bcbrakelOSI
payment: don't display token in error message
e4067c5 
This is internal data that does not need to be shown to the user
@odony @bcbrakelOSI
web: expect explicit sign up parameters
c44301c 
Using an explicit list of sign up parameters will avoid
polluting the context with unrelated values, and make
debugging easier.
@xmo-odoo @bcbrakelOSI
web: more reliably avoid downloads on new file
e49991d 
5195550 mitigated an issue of being
able to try and download files which don't exist yet, make the fix
more reliable by clearing out the field completely and hiding the
content if the (readonly) field has no value *or the record is not
saved yet*.

Also clean up the code:

* an old-style forward port created a duplicate fixprovement
  (a8d01cb) which seems less correct
  as it applies conditionally
* and the code is branchier than necessary, we can make it simpler by
  judiciously leveraging jquery's API

closes odoo#77756

X-original-commit: 05db9be
Signed-off-by: Xavier Morel (xmo) <xmo@odoo.com>
@qsm-odoo @bcbrakelOSI
website: fix video loading
36064d5 
task-2376327
@xmo-odoo @bcbrakelOSI
avoid cycle on request
49aaee8
@bcbrakelOSI
Apply l10n_fr_fec security patch
0fed9d3
@bcbrakelOSI
Pull back the payment security patch as it breaks all payments.
1825a23
patrickrwilson
patrickrwilson approved these changes Feb 27, 2023
View reviewed changes
Copy link

@patrickrwilson patrickrwilson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@patrickrwilson patrickrwilson patrickrwilson approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
10 participants
@bcbrakelOSI @patrickrwilson @mart-e @JKE-be @tivisse @seb-odoo @AntoineVDV @odony @xmo-odoo @qsm-odoo