  • migration from 16.0 to 17.0
    When I tried to open a pull request for a module that I have upgraded and that my customer uses, I got 3 errors from the bot.

    Here is the pull request:
    https://github.com/OCA/product-attribute/pull/1700

    The module is:
    product_pricelist_fixed_currency_rate

    Please help me to make it successful, thanks.

    by Mohamed Alkobrosly - 01:17 - 6 Aug 2024
  • Bug Report
    Hi Team,
    I hope you are well.

    I would like to share another vulnerability of your website

    Vulnerability 1: Non-secure requests are not automatically upgraded to HTTPS | HSTS missing

    Description

    The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption, and use the application as a platform for attacks against its users. This attack is performed by rewriting HTTPS links as HTTP so that if a targeted user follows a link to the site from an HTTP page, their browser never attempts to use an encrypted connection. The sslstrip tool automates this process.

    To exploit this vulnerability, an attacker must be suitably positioned to intercept and modify the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.


    Steps to Reproduce:
    2) enter your domain

    References
    HTTP Strict Transport Security
    sslstrip
    HSTS Preload Form

    Impact:
    The application should instruct web browsers to only access the application using HTTPS. To do this, enable HTTP Strict Transport Security (HSTS) by adding a response header with the name 'Strict-Transport-Security' and the value 'max-age=expireTime', where expireTime is the time in seconds that browsers should remember that the site should only be accessed using HTTPS. Consider adding the 'includeSubDomains' flag if appropriate.

    Note that because HSTS is a "trust on first use" (TOFU) protocol, a user who has never accessed the application will never have seen the HSTS header, and will therefore still be vulnerable to SSL stripping attacks. To mitigate this risk, you can optionally add the 'preload' flag to the HSTS header, and submit the domain for review by browser vendors.

    Vulnerability 2: Strict transport security not enforced


    Issue Description:
    The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption, and use the application as a platform for attacks against its users. This attack is performed by rewriting HTTPS links as HTTP, so that if a targeted user follows a link to the site from an HTTP page, their browser never attempts to use an encrypted connection. The sslstrip tool automates this process.

    To exploit this vulnerability, an attacker must be suitably positioned to intercept and modify the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.

    Issue remediation:
    The application should instruct web browsers to only access the application using HTTPS. To do this, enable HTTP Strict Transport Security (HSTS) by adding a response header with the name 'Strict-Transport-Security' and the value 'max-age=expireTime', where expireTime is the time in seconds that browsers should remember that the site should only be accessed using HTTPS. Consider adding the 'includeSubDomains' flag if appropriate.

    Note that because HSTS is a "trust on first use" (TOFU) protocol, a user who has never accessed the application will never have seen the HSTS header, and will therefore still be vulnerable to SSL stripping attacks. To mitigate this risk, you can optionally add the 'preload' flag to the HSTS header, and submit the domain for review by browser vendors.    

    Looking forward to hearing from you soon.

    Kind Regards.

    by "Jenny Rose" <infosec.jenny@gmail.com> - 07:11 - 1 Aug 2024
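
An added example, not part of the original report or of any OCA tooling: a small checker for the `Strict-Transport-Security` header discussed in the report above, showing which header values a browser would actually honour and which of the optional flags are missing. The sample values are constructed, and the one-year threshold is an assumption taken from the browser preload list's submission requirements.

```python
"""Added example: evaluate Strict-Transport-Security values (RFC 6797)."""
import re

# Assumption: minimum max-age asked for by the browser preload list (one year).
PRELOAD_MIN_MAX_AGE = 31536000
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_hsts(value):
    """Parse a header value into {directive: value-or-None}.

    Returns None when a browser would ignore the header: a repeated
    directive, a malformed name, or a missing/non-numeric max-age.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives are allowed
            continue
        name, sep, arg = part.partition("=")
        name = name.strip().lower()       # names are case-insensitive
        arg = arg.strip()
        if not _TOKEN.match(name) or name in directives:
            return None
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]               # quoted form: max-age="300"
        directives[name] = arg if sep else None
    max_age = directives.get("max-age") or ""
    if not (max_age.isascii() and max_age.isdigit()):
        return None
    return directives


def evaluate(value, scheme="https"):
    """Return (policy_in_effect, findings) for a header seen over `scheme`."""
    if scheme != "https":
        return False, ["header sent over plain HTTP is ignored by browsers"]
    directives = parse_hsts(value)
    if directives is None:
        return False, ["header is malformed and will be ignored"]
    max_age = int(directives["max-age"])
    if max_age == 0:
        return False, ["max-age=0 tells the browser to forget the policy"]
    findings = []
    if max_age < PRELOAD_MIN_MAX_AGE:
        findings.append("max-age below one year")
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains not set")
    if "preload" not in directives:
        findings.append("preload not set; first visit is still unprotected")
    return True, findings


# Constructed sample header values (not captured from any real site).
SAMPLES = [
    ("https", "max-age=31536000; includeSubDomains; preload"),
    ("https", "max-age=300"),
    ("https", "includeSubDomains"),
    ("https", "max-age=600; max-age=31536000"),
    ("http", "max-age=31536000"),
    ("https", 'Max-Age="63072000" ; INCLUDESUBDOMAINS'),
]

if __name__ == "__main__":
    for scheme, header in SAMPLES:
        print(scheme, repr(header), evaluate(header, scheme))
```
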
  • 🎫 Adhoc Live Thursday: Quickstart: the management system to scale your SME without spending a fortune

    🤯 If you are an entrepreneur who struggles to sell because you are buried in 500 Excel spreadsheets, who doesn't know how much you earn or lose, who doesn't know how much stock you have: this live stream is for you.

    Bruno Davico and Victoria Garcia show you how to get ahead in your business and leave behind the madness of spreadsheets, manual recurring invoicing and the many other day-to-day problems of a small company.


    ⏰ We'll be expecting you on Thursday 01/08 at:

    🇦🇷🇨🇱🇺🇾 14:00

    🇪🇸 19:00


    You can sign up and join when we are live directly from this link.


    Hope to see you there 🫡

    Damián Vilagrasa

    Marketing, Tech & Business Development

    Adhoc SA


    by "Dami de Adhoc" <dav@adhoc.com.ar> - 06:00 - 1 Aug 2024
  • Activating tab on form from code?

    Hello,


    I would need to make certain tab active based on field contents of the record in basically 2 scenarios:

    1) As a result of the action

    2) When opening the record in form view


    The idea is to lead the user to a tab where they need to fill in some stuff.


    2) would override default system behavior that tries to keep last open tab open when switching to next record - i.e. I open one record from tree view and then press Next. It should also work when I open the first one.

    1) would seem to be easier but I do not have any idea how to tackle this. Manipulating view architecture does not seem to work because there is no information on the record being displayed


    Am I missing something? Any pointers on how to do this?


    Thank you very much. Best regards


        Radovan


    by Radovan Skolnik - 07:56 - 31 Jul 2024
  • pandoc-*.deb cleaning in OCA repositories
    Due to a mistake on the tool to generate the READMES (fixed in [1]), some very big files ~30 MB each~ (with extension .deb or .dmg for Mac users) have been added both by the merge bot or by users doing a module migration.

    This means that branch/repository cloning, or any free pull operation on any local git repository copy (of any branch), wastes a lot of bandwidth and resources, and is not ecologically friendly.

    Due to this, and although not ideal, we plan to force push the affected repositories (note that this has been only in 17.0 branches), following [3] technique recommended by Nils.

    The drawback of doing this is that your next `git pull` operations on those branches will fail, complaining about unrelated commit histories or creating a merge commit with possible conflicts.

    The solution for avoiding it is to do the commands:

    git fetch origin 17.0
    git reset --hard origin/17.0

    (being origin the OCA remote). In fact, this is the recommended way to do it in automated pulling systems.

    If you don't have any strong counter-arguments, I will perform it at the end of the week. I will announce here the affected repositories after the operation.

    Regards.


    by Pedro M. Baeza - 06:11 - 29 Jul 2024
  • Reflections on Odoo
    Hi there.

    I've put together some thoughts on software implementation and cost, using the experience of a council in the UK as an example. I make the point that the exorbitant cost of the usual ERP solution providers has contributed to the failure and suggest (in a nutshell) to try Odoo.

    If you think it's worth commenting on or sharing, please do so.


    I hope it helps.

    Thanks
    Jon

    by Baxter Thompson Ltd - 12:16 - 18 Jul 2024
  • Mod 193 Odoo 14

    Dear Contributors,

    I hope this message finds you well. I am writing to inquire about the availability of an Odoo module that can generate the model 193 for Spanish tax declaration. This model corresponds to the annual declaration of model 123 that is implemented.

    If there is no existing module, perhaps we can implement it based on the other models

    Thank you very much for your assistance.

    Best regards,

     

     

    Sincerely,

    David Cuellas González

    Software and Development Coordinator

    C/ Rosalía de Castro N17, Puerta1 Entresuelo

    36201 Vigo Pontevedra

    Tel.: 886138703

    Fax: 886137958

    Mobile: 678206430

    david.cuellas@aureatic.com

    aureatic.com

     



    by David Cuellas - 11:01 - 17 Jul 2024
  • Specific Identification Inventory Valuation Method
    Dear OCA Community,

    Is anyone aware of an OCA module that implements "Specific Identification Inventory Valuation Method"?  If the OCA were interested in adopting such a module, to which project or repository would it be assigned?

    I will soon start work on a 16.0 module to implement the new costing method. Simple FIFO does not work for my business.  The situation is explained somewhat in the following posts:


    Matt


    by Matt - 07:41 - 15 Jul 2024
  • Next OCA Live Session This Week - Tuesday 16th July
    Hello OCA Contributors.

    I hope this finds you all well.

    I just wanted to share that our next OCA Live Session happens this week.

    Tuesday 16th July at 8pm CEST / 6pm UTC here: https://meet.google.com/dio-otmm-trk

    We want to be available to anyone interested or involved in the OCA who has questions or needs help on any OCA-related topic, once a month during a live open session. Anyone is welcome, any profile, any level of knowledge about the OCA.

    Take this opportunity to give us feedback on what you need from us, to understand what the OCA can help you with and what you can do for the OCA to thrive!

    No need to register - just join the meeting.

    Have a great week,
    Rebecca

    --
    Rebecca Gellatly
    General Secretary
    Odoo Community Association

    by Rebecca Gellatly (OCA) - 07:21 - 15 Jul 2024
  • POS payment terminal
    Dear community,

    I was asked for POS payment terminal module for version 17.

    I am a developer, I can upgrade and push it into the GitHub repository, but if someone already did that I can test what he made.

    Please let me know if someone has tried before to save my time.

    thanks very much

    by Mohamed Alkobrosly - 01:46 - 13 Jul 2024
  • Request for Review and Approval - OCA Commit

    Dear OCA Core Maintainers,

    I hope this message finds you well.

    I have submitted a pull request to the OCA/web repository and would appreciate your review and approval. The details of the pull request are as follows:

    Pull Request URL: https://github.com/OCA/web/pull/2864

    Please let me know if there are any changes or additional information required.

    Thank you for your time and assistance.

    Best regards,
    Angel Patel


    by angel@rooteam.net - 04:51 - 12 Jul 2024
  • Purchase order line delivery state
    Hi, 

    Did someone ever develop the purchase order line counterpart for sale_order_line_delivery_state? In Odoo 14 or very similar versions. Didn't find it in OCA repos.

    Thanks,
    Francesco Ballerini

    by Francesco Ballerini - 11:56 - 10 Jul 2024
  • Weblate updated to v5
    Dear OCA community,
    
    For information, I have just completed upgrade of OCA Weblate platform 
    from 4.17 to 5.0.2.
    
    I have tested a couple of things successfully, however I am not able to 
    test that it behaves correctly for creating new modules when merged in 
    any repo.
    
    
    Also, I wanted to migrate to latest version (5.6.2) but got an issue 
    with packaging of some scripts that we have developed to update 
    automatically projects / components, so I had to postpone this upgrade 
    to latest version for now.
    
    Please come back to me in case you find new issues with the updated 
    version!
    
    Best Regards,
    
    
    -- 
    Rémi
    
    

    by Rémi Cazenave - 02:26 - 6 Jul 2024
  • spreadsheet_dashboard_oca's module: Is printing process available?
    Hi everyone,

    I currently use spreadsheet_dashboard_oca v16, which works well. However, I need to print (as PDF report) the content of a spreadsheet.dashboard. It doesn't seem to be available with the current version of the module that I use.

    Did I miss something? Or is there another way (combination with an existing module, library) to realise that?

    Thanks in advance for your answer,




    --
    SMILE

    7 Boulevard Louis XIV 59800 Lille

    Laurent WEBER
    Developer



    by Laurent Weber - 03:36 - 5 Jul 2024
  • Bank sync for Societe Generale (France)
    Hello,

    I hope this is not inappropriate for this list.

    I'm seeking help on configuring the bank sync for Societe Generale.
    I see Saltedge support EBICS connection (with Odoo Enterprise Edition).

    But I'm being asked what format should be used for the bank statement:
    - CFONB 120
    - Swift MT 940
    - camt.053.001.02

    Has anyone gone through this before?

    Thank you!

    --
    DANIEL REIS
    MANAGING PARTNER

    Meet with me.
    M: +351 919 991 307
    E: dreis@OpenSourceIntegrators.com
    A: Avenida da República 3000, Estoril Office Center, 2649-517 Cascais



    by Daniel Reis - 10:35 - 5 Jul 2024
  • New repo web-api-contrib
    Hi all,

    I'm proposing the creation of a new repo.


    Bests

    --
    Simone Orsi

    Full stack Python web developer, Odoo specialist, Odoo Community Board Member, in love with open source.

    by Simone Orsi. - 08:51 - 4 Jul 2024
  • ODOO Update versions V.15 to V.17 - Historical data.

    Hello everyone.

     

    I am doing an upgrade project from version 15 to 17. I am not going to migrate historical data; I will leave the historical data in version 15, up to the date of Go Live, and in version 17 I will start with initial balances and operations from scratch, for example: new purchase orders, new customer orders, etc.

     

    My questions are: Is there a way to extract information from data that I will leave in version 15, for example: historical sales data, processed purchase orders, historical inventory data, etc.? Is there a connector or application so that I can use Power BI to manage this data and be able to do reports, demand analysis, inventory analysis, etc.?

     

    Thank you all in advance for your comments and recommendations.

     

    Regards.

     

    HF


    by Hugo Ferrer - 11:40 - 3 Jul 2024
  • Odoo Community 17 issues

    Good morning,

    I hope you are doing great.

     

    We are starting to work with the Odoo Community platform and we have some situations, such as not being able to delete companies that we created in the system.

    Validation Error

    The operation cannot be completed: another model requires the record being deleted. If possible, archive it instead.

    Model: Picking Type (stock.picking.type)

    Constraint: stock_picking_type_company_id_fkey

     

    Another situation is that one of our employees, when clearing the browser cache, was deleted from the system and was unable to log in again, not even through a new invitation.

     

    I would love to hear from you if there are any solutions for the correct configuration and operation of the Odoo Community 17 system?

    I hope I hear from you soon.

    Thanks in advance!

    Best regards,

     

     

     


    by Dan Vasques - 09:56 - 2 Jul 2024
  • v18 early migration work based on master
    Hi everybody,

    We would like to start working on migrating some base modules to v18 before it gets released.

    AFAIR there's no "official" policy for it, if not "do it on your own fork and then open PRs when the release is out".

    From my POV it would be nice to define one.

    For the branch, I see these options:

    1. add a `master` branch that can be used w/ any version
    2. add a `$nextVersion-[master|dev]` branch that can be used w/ odoo master for a specific version
    3. simply have $nextVersion branch and stick to version policy nr 2 (see below)

    For the module version:

    1. append `dev` to the version (eg: 18.0.1.0.0dev)
    2. start w/ a number lower than 1.0.0 and switch to 1.0.0 only when the release is out (eg: 18.0.0.0.1)

    I'd go for branch opt 3 + mod version opt 2.

    For the test suite: I'm not sure we have a way to run tests against master ATM.

    Am I missing something?

    In general, what do you think?

    --
    Simone Orsi

    Full stack Python web developer, Odoo specialist, Odoo Community Board Member, in love with open source.

    by Simone Orsi. - 12:41 - 1 Jul 2024
  • Sensitive information fields - controlled access, encryption, display, ...

    Hello,


    I am dealing with a scenario where some personal data needs to be handled in a special way. Unprivileged users should not see them at all or only see their encrypted/hashed/garbled versions. Privileged users should have a way to display the data ideally after some additional step which would be logged. Ideally the sensitive data should be encrypted at database level.


    Has anyone had similar requirements? Is there any module providing foundation / ideas for such a thing? The setup of employee classes (hr.employee, hr.employee.base and hr.employee.public) and groups seems like it could be somewhat of an inspiration for this.


    Any ideas / pointers are welcome. Thank you very much.


    Best regards


        Radovan Skolnik


    by Radovan Skolnik - 11:46 - 1 Jul 2024