Contributors mailing list archives
contributors@odoo-community.org
Browse archives
Re: [PSA] mail template editor group, mass mailing user group
Re: [PSA] mail template editor group, mass mailing user group
Re: [PSA] mail template editor group, mass mailing user group
by
Holger Brunn
> Did you report this vulnerability to Odoo SA? > https://www.odoo.com/security-report [1] yes, but I learned this was a choice they made. You're supposed to click the 'restrict mail templates' flag in the general settings if you disagree. (which still doesn't change the fact that everyone is a mail template editor as soon as you install mass_mailing) Seems a different philosophy, I want secure by default, they want easy. Actually, I was a bit frightened about this being a conscious choice so now I'm sifting through other core modules if I find similar choices. If so, a secure-by-default oca repo might be in order, where we collect modules like the ones I propose above, and set them to auto install. -- Your partner for the hard Odoo problems https://hunki-enterprises.com
Reference
-
[PSA] mail template editor group, mass mailing user group
byHolger Brunn- 29/02/2024 16:38:17 - 1-
Re: [PSA] mail template editor group, mass mailing user group
by "Graeme Gellatly" <graeme@moahub.nz> - 29/02/2024 20:09:43 - 0 -
Re: [PSA] mail template editor group, mass mailing user group
byHolger Brunn- 29/02/2024 19:30:52 - 1 -
Re: [PSA] mail template editor group, mass mailing user group
by "Adam Heinz" <adam.heinz@metricwise.com> - 29/02/2024 19:11:02 - 0 -
Re: [PSA] mail template editor group, mass mailing user group
byHolger Brunn- 29/02/2024 17:49:55 - 1 -
Re: [PSA] mail template editor group, mass mailing user group
by "Adam Heinz" <adam.heinz@metricwise.com> - 29/02/2024 17:08:18 - 0
-
