[OPEN-ILS-DEV] Evergreen security releases: 2.0.10 and 1.6.1.9
Peters, Michael
MRPeters at library.IN.gov
Thu Oct 6 08:24:52 EDT 2011
Dan,
Thanks so much for this. Much appreciated.
Sincerely,
Michael Peters
Indiana State Library MIS | Inspire.IN.gov Helpdesk | Evergreen Indiana Helpdesk
office - 317.234.2128
email - mrpeters at library.in.gov
-----Original Message-----
From: open-ils-dev-bounces at list.georgialibraries.org [mailto:open-ils-dev-bounces at list.georgialibraries.org] On Behalf Of Dan Scott
Sent: Wednesday, October 05, 2011 4:06 PM
To: open-ils-general at list.georgialibraries.org; open-ils-dev at list.georgialibraries.org
Subject: Re: [OPEN-ILS-DEV] Evergreen security releases: 2.0.10 and 1.6.1.9
On Wed, Oct 05, 2011 at 10:18:04AM -0400, Dan Scott wrote:
> Today, the Evergreen development team released Evergreen 2.0.10 and
> 1.6.1.9 - available from the downloads page at
> http://evergreen-ils.org/downloads - to address several security
> vulnerabilities and a handful of bug fixes. This post discusses the
> security vulnerabilities. If you are running Evergreen in production
> today, we encourage you to upgrade your Evergreen system to 1.6.1.9 or
> 2.0.10 as soon as possible.
Note that I have written up a brief guide for addressing the worst of
the security vulnerabilities by updating oils_auth.so as a comment to
the blog post that announced this release. The process that I have
documented can be applied to a running system - I tested it on Conifer
with no ill effects - so if you're not in the mood for doing a complete
upgrade of your system, you can at least patch the password
brute-forcing vulnerability with 10 minutes or less of work:
The comment with the step-by-step process is at
http://evergreen-ils.org/blog/?p=687&cpage=1#comment-54959