Contributors mailing list archives


Re: [PSA] mail template editor group, mass mailing user group

Holger Brunn
- 29/02/2024 17:49:55
> Did you report this vulnerability to Odoo SA?

> [1]

Yes, but I learned this was a choice they made. You're supposed to click the 
'restrict mail templates' flag in the general settings if you disagree (which 
still doesn't change the fact that everyone is a mail template editor as soon 
as you install mass_mailing).

Seems a different philosophy: I want secure by default, they want easy. 
Actually, I was a bit frightened about this being a conscious choice, so now 
I'm sifting through other core modules to see if I find similar choices.

If so, a secure-by-default OCA repo might be in order, where we collect 
modules like the ones I propose above, and set them to auto install.

Your partner for the hard Odoo problems