[OPEN-ILS-DEV] SECURITY RELEASES – Evergreen 2.3.6, 2.2.8, and 2.1.6

Galen Charlton gmc at esilibrary.com
Wed Apr 17 15:31:50 EDT 2013


On behalf of the Evergreen contributors, the 2.3.x release maintainer
(Bill Erickson), the 2.2.x release maintainer (Lebbeous
Fogle-Weekley), and the 2.1.x release maintainer, (Dan Scott), we are
pleased to announce the release of Evergreen 2.3.6, 2.2.8, and 2.1.6.

Links to downloads and documentation can be found at

http://evergreen-ils.org/downloads.php.

The 2.3.6 and 2.2.8 releases also contains bugfixes not related to security.

THESE RELEASES CONTAIN SECURITY UPDATES. We strongly recommend that
you upgrade as soon as possible.

The pcrud, cstore, and rstore services are susceptible to an SQL
injection attack.  Any user can potentially make arbitrary SQL run on
the Evergreen database.

More information about the security updates and other bugfixes can be
found in the ChangeLogs:

2.3.6 - http://evergreen-ils.org/downloads/ChangeLog-2.3.5-2.3.6
2.2.8 - http://evergreen-ils.org/downloads/ChangeLog-2.2.7-2.2.8
2.1.6 - http://evergreen-ils.org/downloads/ChangeLog-2.1.5-2.1.6

Regards,

Galen
--
Galen Charlton
Manager of Implementation
Equinox Software, Inc. / The Open Source Experts
email:  gmc at esilibrary.com
direct: +1 770-709-5581
cell:   +1 404-984-4366
skype:  gmcharlt
web:    http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org


More information about the Open-ils-dev mailing list