Hi everyone,
Portcullis Security will be disclosing 3 security vulnerabilities in ERPNext/Frappé in the coming days. They followed responsible disclosure procedure and reported them prior to disclosure and we thank to them for their effort.
We have fixed the reported security issues in v6.10.0 and back-ported it in the v5.x.x and v4.x.x branches.
Please update your ERPNext installations to secure them.
Best,
Anand Doshi.