Analysis of Security issues in Dolibarr CRM

Hi Dolibarr Team,

As a part of our term project to analyse the security of an open source project, we have documented a few observations on the security of Dolibarr.
Please find our GitHub link below for the same.

Please go through our findings in the Code Analysis part and consider them to improve the security of Dolibarr.

Thanks and Regards,
Sreeharsha

Thanks for your repository with these interesting reports.
I failed to find one piece of information: what was the version of Dolibarr you used for this study?

Hi Eldy,

Thanks for your reply.
We used version 15.0.3.

Thanks and Regards,
Sreeharsha

For information, we started a bug bounty campaign with v13 and we have launched another one for every version since.
So a lot of enhancements have been introduced into v16 and more into v17, which will be released in January.
I tried to use your report to analyse what we are still missing for v18, but something is missing for me.
You mention a lot of points in your document, but it is not clear, for each point, if the point is good or not in Dolibarr. Sometimes you say, "implementation of ... is required" without knowing if it is ok or not in Dolibarr. It would be good for us if for each point (chapter) there were a red cross or a green tick, so we can immediately focus on the red crosses... and only those points.