[Evergreen-dev] Two new Evergreen Security Releases

Jane Sandberg sandbej at linnbenton.edu
Thu Apr 1 11:37:11 EDT 2021


Hello colleagues,

The Evergreen community is pleased to announce the release of Evergreen
3.6.3 and 3.5.4, both available from the downloads page
<https://evergreen-ils.org/egdownloads/>.

*THESE RELEASES CONTAIN A SECURITY UPDATE.  All Evergreen sites should
upgrade as soon as possible.*

These releases fix a critical cross-site scripting (XSS) vulnerability
<https://bugs.launchpad.net/evergreen/+bug/1902965>.  A very special thanks
to James Fournie for identifying the issue; Jeff Davis, Jason Boyer, and
Galen Charlton for creating the patch; and Jason Stephenson for testing and
other work on this bug.

All of these new releases contain additional bug fixes unrelated to the
security issue. For more information on the changes in these releases,
please consult their release notes:

   - 3.5.4
   <https://evergreen-ils.org/documentation/release/RELEASE_NOTES_3_5.html>
   - 3.6.3
   <https://evergreen-ils.org/documentation/release/RELEASE_NOTES_3_6.html>

   -The 3.5.4 and 3.6.3 release teams


-- 
Jane Sandberg
Electronic Resources Librarian
Linn-Benton Community College
sandbej at linnbenton.edu / 541-917-4655
Pronouns: she/her/hers

Library instagram: @lbcc_library <https://www.instagram.com/lbcc_library/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.evergreen-ils.org/pipermail/evergreen-dev/attachments/20210401/d1ad54f1/attachment.html>


More information about the Evergreen-dev mailing list