diff --git a/base_exception/README.rst b/base_exception/README.rst index 480047307..af86936b6 100644 --- a/base_exception/README.rst +++ b/base_exception/README.rst @@ -42,6 +42,8 @@ Known issues / Roadmap Terms used in old api like `pool`, `cr`, `uid` must be removed porting this module in version 12. +This module execute user provided code though a safe_eval, it's unsecure? How mitigate risks should be adressed in future versions of this module. + Bug Tracker =========== @@ -72,6 +74,7 @@ Contributors * Yannick Vaucher * SodexisTeam * Mourad EL HADJ MIMOUNE +* Raphaël Reverdy * Iván Todorovich Maintainers diff --git a/base_exception/static/description/index.html b/base_exception/static/description/index.html index bfa0ddf39..dfa95c761 100644 --- a/base_exception/static/description/index.html +++ b/base_exception/static/description/index.html @@ -389,6 +389,7 @@ in the ‘sale_exception’ module. (sale-workflow repository) or

Known issues / Roadmap

Terms used in old api like pool, cr, uid must be removed porting this module in version 12.

+

This module execute user provided code though a safe_eval, it’s unsecure? How mitigate risks should be adressed in future versions of this module.

Bug Tracker

@@ -418,6 +419,7 @@ If you spotted it first, help us smashing it by providing a detailed and welcome
  • Yannick Vaucher <yannick.vaucher@camptocamp.com>
  • SodexisTeam <dev@sodexis.com>
  • Mourad EL HADJ MIMOUNE <mourad.elhadj.mimoune@akretion.com>
    • +
  • Raphaël Reverdy <raphael.reverdy@akretion.com>
  • Iván Todorovich <ivan.todorovich@gmail.com>