Security Announce for issue5570

Posted: 2016-06-15 12:00:00+00:00


A missing access right has been found by Cédric Krier for the Model ''. This allows a malicious authenticated user to write, create or delete records of this type (see issue5570).


Any authenticated user can modify the links between products and BoMs.


All users should manually create a default model access that is limited to read only, and a second model access, limited to the group "Production Administration", with full access.
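The effect of these two records can be checked with the following added example, which is not Tryton code or part of the original announcement. It uses a simplified model of access evaluation (an assumption: a permission is granted when any applicable record grants it, and a model with no applicable record is unrestricted); `MODEL`, the helper names and the sample users are hypothetical.

```python
# Simplified model of model-access evaluation (an assumption for illustration,
# not Tryton's code). MODEL is a placeholder: the advisory does not name the
# affected model.
MODEL = "<affected.model>"
PERMS = ("read", "write", "create", "delete")


def access_rule(model, group=None, **perms):
    """One model-access record; group=None means it applies to every user."""
    return {"model": model, "group": group,
            **{p: bool(perms.get(p, False)) for p in PERMS}}


def effective_access(rules, model, user_groups):
    """Return the permissions a user with user_groups gets on model."""
    applicable = [r for r in rules if r["model"] == model
                  and (r["group"] is None or r["group"] in user_groups)]
    if not applicable:
        # No applicable record: this simplified model treats the model as
        # unrestricted, which is the situation the advisory reports.
        return {p: True for p in PERMS}
    # A permission is granted when any applicable record grants it.
    return {p: any(r[p] for r in applicable) for p in PERMS}


def workaround_rules(model):
    """The two records the advisory asks administrators to create."""
    return [
        access_rule(model, group=None, read=True),  # default: read only
        access_rule(model, group="Production Administration",
                    read=True, write=True, create=True, delete=True),
    ]


def audit(rules, model, users):
    """List the users who can still modify records of model."""
    return sorted(name for name, groups in users.items()
                  if any(effective_access(rules, model, groups)[p]
                         for p in ("write", "create", "delete")))


# Constructed sample users and their group memberships.
USERS = {"alice": {"Production Administration"}, "bob": {"Sales"}, "carol": set()}

if __name__ == "__main__":
    print("before:", audit([], MODEL, USERS))
    print("after: ", audit(workaround_rules(MODEL), MODEL, USERS))
```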

Affected versions: all versions of the production module up to and including series 4.0.

Unaffected versions: all versions of the production module after series 4.0 (4.0 not included).



Any security concerns should be reported on the bug-tracker at with the type security.