[open-ils-commits] [GIT] Evergreen ILS branch rel_2_7 updated. d7911f9bc5bb6167e8e9a60aa9c21fa54c9077d9

Evergreen Git git at git.evergreen-ils.org
Fri Apr 10 10:56:35 EDT 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, rel_2_7 has been updated
       via  d7911f9bc5bb6167e8e9a60aa9c21fa54c9077d9 (commit)
      from  33fb80b95b74fcded5b02cb8fde3d76b9847217a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d7911f9bc5bb6167e8e9a60aa9c21fa54c9077d9
Author: Ben Shum <bshum at biblio.org>
Date:   Fri Apr 10 10:53:59 2015 -0400

    Docs: Update 2.6 RELEASE NOTES to include new section on Bug Fixes
    
    Signed-off-by: Ben Shum <bshum at biblio.org>

diff --git a/docs/RELEASE_NOTES_2_6.txt b/docs/RELEASE_NOTES_2_6.txt
index 23f86d5..af7701d 100644
--- a/docs/RELEASE_NOTES_2_6.txt
+++ b/docs/RELEASE_NOTES_2_6.txt
@@ -490,6 +490,52 @@ revisions target level "AA" of compliance.
 For more information on WCAG, see http://www.w3.org/WAI/intro/wcag
 
 
+Bug Fixes
+---------
+
+IMPORTANT SECURITY INFORMATION
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+A serious security flaw that allows unauthorized remote access to
+organizational unit settings is fixed in the following releases of
+Evergreen: 2.5.9, 2.6.7, and 2.7.4.  All prior releases of Evergreen
+are vulnerable to exploitation of this flaw to reveal sensitive system
+information.  If you are running a vulnerable release of Evergreen you
+are *strongly* encouraged to upgrade to a non-vulnerable release as
+soon as possible.
+
+Set resource limits for Clark Kent
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Several parameters are now available for the reporter daemon process
+(`clark-kent.pl`) to control resource usage.  These can be used to
+reduce the chances that a malformed report can cause indigestion
+on a database or reports server.  The new parameters, which can be
+set in `opensrf.xml` or as command-line switches for `clark-kent.pl` are
+
+* `//reporter/setup/statement_timeout` / `--statement-timeout`
+
+Number of minutes to allow a report's underlying SQL query
+to run before it gets cancelled.  Default value is
+60 minutes.  If a report's query gets cancelled, the
+error_text value will be set to a valid that indicates that
+the allowed time was exceeded.
+
+* `//reporter/setup/max_rows_for_charts` / `--max-rows-for-charts`
+
+Number of rows permitted in the query's output before
+Clark Kent refuses to attempt to draw a graph. Default
+value is 1,000 rows.
+
+* `//reporter/setup/resultset_limit` / `--resultset-limit`
+
+If set, truncates the report's output to the specified
+number of hits.  Note that it will not be apparent
+to a staff user if the report's output has been
+truncated.  Default value is unlimited.
+
+The report concurrency (i.e., the number of reports that Clark
+Kent will run in parallel) can now also be controlled via
+the `opensrf.xml` setting `//reporter/setup/parallel`.
+
 Acknowledgments
 ---------------
 The Evergreen project would like to acknowledge the following
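Review bot: In the `statement_timeout` entry, "the error_text value will be set to a valid that indicates" looks like a typo for "value" and should be corrected before this text ships. The sentence introducing the parameter list ("... as command-line switches for `clark-kent.pl` are") also needs a comma after `clark-kent.pl` and a closing colon. In the security notice, the fixed releases are named but nothing points to a bug report or advisory, so an administrator cannot tell which change to verify; adding that reference would help. The new "Bug Fixes" section also does not say which 2.6.x point release introduced the Clark Kent limits, which matters for sites deciding whether they already have them.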

-----------------------------------------------------------------------

Summary of changes:
 docs/RELEASE_NOTES_2_6.txt |   46 ++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 46 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

