From a074c4cb62f3d9e3ea9a10f52528c00dd6dda607 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 09:20:49 +0200 Subject: [PATCH] Update security --- SECURITY.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 9144a824897..3a022aa0167 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -66,7 +66,8 @@ ONLY vulnerabilities discovered, when the following setup on tested platform is * $dolibarr_main_prod must be set to 1 into conf.php * $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value) -* The module DebugBar must NOT be enabled (by default, this module is not enabled) +* The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool) +* The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be enabled soon by default) * ONLY security reports on "stable" modules are allowed (troubles into "experimental" and "developement" modules are not accepted).