1. Mailing Lists
  2. Contributors
  3. Re: [PSA] mail template editor group, mass mailing user group

Contributors mailing list archives

contributors@odoo-community.org

Browse archives

Re: [PSA] mail template editor group, mass mailing user group

Re: [PSA] mail template editor group, mass mailing user group

Avatar

Re: [PSA] mail template editor group, mass mailing user group

by "Adam Heinz" <adam.heinz@metricwise.com> - 29/02/2024 19:11:02
I think a security repository sounds like a great idea. I am less enthusiastic about auto-installation, as its use is a bit contentious and has spawned modules like module_change_auto_install.

On Thu, Feb 29, 2024 at 11:52 AM Holger Brunn <notifications@odoo-community.org> wrote:
> Did you report this vulnerability to Odoo SA?


> https://www.odoo.com/security-report [1]

yes, but I learned this was a choice they made. You're supposed to click the 
'restrict mail templates' flag in the general settings if you disagree. (which 
still doesn't change the fact that everyone is a mail template editor as soon 
as you install mass_mailing)

Seems a different philosophy, I want secure by default, they want easy. 
Actually, I was a bit frightened about this being a conscious choice so now 
I'm sifting through other core modules if I find similar choices.

If so, a secure-by-default oca repo might be in order, where we collect 
modules like the ones I propose above, and set them to auto install.



-- 
Your partner for the hard Odoo problems
https://hunki-enterprises.com

_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe

Reference