As a part of our term project to analyse the security of an open source project, we have documented a few observations on the security of Dolibarr.
Please find our GitHub link below for the same.
Please go through our findings in Code Analysis part and consider them to improve the security of the Dolibarr.
For information, we started a bug bounty campaign with v13 and we have launched another one for every version since.
So a lot of enhancements have been introduced into v16 and more into v17, which will be released in January.
I tried to use your report to analyse what we are still missing for v18, but something is missing for me.
You mention a lot of points in your document, but it is not clear, for each point, whether the point is good or not in Dolibarr. Sometimes you say “implementation of … is required” without knowing if it is ok or not in Dolibarr. It would be good for us if for each point (chapter) there were a red cross or green tick, so we can immediately focus on the red crosses… and only those points.