[OPEN-ILS-GENERAL] IMPORTANT: Security releases of Evergreen 2.3.3, 2.2.5, and 2.1.5

Galen Charlton gmc at esilibrary.com
Wed Jan 16 15:01:48 EST 2013


On behalf of the Evergreen contributors, the 2.3.x release maintainer (Bill
Erickson), the 2.2.x release maintainer (Lebbeous Fogle-Weekley), and the
2.1.x release maintainer (Dan Scott), we are pleased to announce the
release of Evergreen 2.3.3, 2.2.5, and 2.1.5.

Links to downloads and documentation can be found at

http://evergreen-ils.org/downloads.php and
http://evergreen-ils.org/opensrf.php.

The 2.3.3 and 2.2.5 releases also contain bugfixes not related to security.

THESE RELEASES CONTAIN SECURITY UPDATES, so you will want to upgrade as
soon as possible.

In particular, the pcrud, cstore, and rstore services are susceptible to an
SQL injection attack.  Any user, including library staff and patrons, who
can authenticate to Evergreen can potentially make arbitrary SQL run on the
Evergreen database.

More information about the security updates and other bugfixes can be found
in the ChangeLogs:

2.3.3: http://evergreen-ils.org/downloads/ChangeLog-2.3.2-2.3.3
2.2.5: http://evergreen-ils.org/downloads/ChangeLog-2.2.4-2.2.5
2.1.5: http://evergreen-ils.org/downloads/ChangeLog-2.1.4-2.1.5

If you don’t wish to upgrade Evergreen outright to the latest version,
sites running 2.1, 2.2, or 2.3 releases today can get the benefit of the
security updates by installing a hot fix.  The procedure for doing so is
described at:

http://evergreen-ils.org/blog/?p=884

-- 
Galen Charlton
Manager of Implementation
Equinox Software, Inc. / The Open Source Experts
email:  gmc at esilibrary.com
direct: +1 770-709-5581
cell:   +1 404-984-4366
skype:  gmcharlt
web:    http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org