[open-ils-commits] [GIT] Evergreen ILS branch master updated. 612ea9423f84caa6d89232a293975a0abed02532

Evergreen Git git at git.evergreen-ils.org
Fri Apr 10 10:56:58 EDT 2015 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, master has been updated
       via  612ea9423f84caa6d89232a293975a0abed02532 (commit)
      from  6c8a0705fe84eaa926feb64a411236d98c10354b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 612ea9423f84caa6d89232a293975a0abed02532
Author: Ben Shum <bshum at biblio.org>
Date:   Fri Apr 10 10:53:59 2015 -0400

    Docs: Update 2.6 RELEASE NOTES to include new section on Bug Fixes
    
    Signed-off-by: Ben Shum <bshum at biblio.org>

diff --git a/docs/RELEASE_NOTES_2_6.txt b/docs/RELEASE_NOTES_2_6.txt
index 23f86d5..af7701d 100644
--- a/docs/RELEASE_NOTES_2_6.txt
+++ b/docs/RELEASE_NOTES_2_6.txt
@@ -490,6 +490,52 @@ revisions target level "AA" of compliance.
 For more information on WCAG, see http://www.w3.org/WAI/intro/wcag
 
 
+Bug Fixes
+---------
+
+IMPORTANT SECURITY INFORMATION
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+A serious security flaw that allows unauthorized remote access to
+organizational unit settings is fixed in the following releases of
+Evergreen: 2.5.9, 2.6.7, and 2.7.4.  All prior releases of Evergreen
+are vulnerable to exploitation of this flaw to reveal sensitive system
+information.  If you are running a vulnerable release of Evergreen you
+are *strongly* encouraged to upgrade to a non-vulnerable release as
+soon as possible.
+
+Set resource limits for Clark Kent
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Several parameters are now available for the reporter daemon process
+(`clark-kent.pl`) to control resource usage.  These can be used to
+reduce the chances that a malformed report can cause indigestion
+on a database or reports server.  The new parameters, which can be
+set in `opensrf.xml` or as command-line switches for `clark-kent.pl` are
+
+* `//reporter/setup/statement_timeout` / `--statement-timeout`
+
+Number of minutes to allow a report's underlying SQL query
+to run before it gets cancelled.  Default value is
+60 minutes.  If a report's query gets cancelled, the
+error_text value will be set to a valid that indicates that
+the allowed time was exceeded.
+
+* `//reporter/setup/max_rows_for_charts` / `--max-rows-for-charts`
+
+Number of rows permitted in the query's output before
+Clark Kent refuses to attempt to draw a graph. Default
+value is 1,000 rows.
+
+* `//reporter/setup/resultset_limit` / `--resultset-limit`
+
+If set, truncates the report's output to the specified
+number of hits.  Note that it will not be apparent
+to a staff user if the report's output has been
+truncated.  Default value is unlimited.
+
+The report concurrency (i.e., the number of reports that Clark
+Kent will run in parallel) can now also be controlled via
+the `opensrf.xml` setting `//reporter/setup/parallel`.
+
 Acknowledgments
 ---------------
 The Evergreen project would like to acknowledge the following

-----------------------------------------------------------------------

Summary of changes:
 docs/RELEASE_NOTES_2_6.txt |   46 ++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 46 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

More information about the open-ils-commits mailing list