Contributors mailing list archives

contributors@odoo-community.org

Re: [PSA] mail template editor group, mass mailing user group

by Holger Brunn - 29/02/2024 17:49:55

> Did you report this vulnerability to Odoo SA?

> https://www.odoo.com/security-report [1]

Yes, but I learned this was a choice they made. You're supposed to click the 
'restrict mail templates' flag in the general settings if you disagree. (which 
still doesn't change the fact that everyone is a mail template editor as soon 
as you install mass_mailing)

Seems a different philosophy, I want secure by default, they want easy. 
Actually, I was a bit frightened about this being a conscious choice so now 
I'm sifting through other core modules if I find similar choices.

If so, a secure-by-default OCA repo might be in order, where we collect 
modules like the ones I propose above, and set them to auto install.


-- 
Your partner for the hard Odoo problems
https://hunki-enterprises.com
