DeBortoliWines / openerp-java-api

A Java API to connect to OpenERP and manage data using the XMLRPC interface.
Apache License 2.0
38 stars 70 forks

OpenErp Java API uses defunct XMLRPC which has security vulnerabilities #43

Open mbatchelor opened 6 years ago

mbatchelor commented 6 years ago

XMLRPC is an archived project at Apache: https://ws.apache.org/

XMLRPC has multiple security vulnerabilities:

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5002
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5003
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5004

Suggest moving to another library.

flotho commented 6 years ago

Hi @mbatchelor,

Thanks for your tips. Do you suggest moving to another XMLRPC client library or changing the API? If you suggested the second option, it's not possible: Odoo SA, the editor of Odoo, is responsible for the technical architecture choices, and all its products have been developed based on XMLRPC; neither SOAP nor REST is available in a native way in Odoo.

flotho commented 6 years ago

@mbatchelor,

OK, I understand what you pointed out. BTW, what is the Pentaho library you're recommending? As we hope to be able to migrate the Odoo step into the new API, using your native XMLRPC library would be a great idea.