[OPEN-ILS-GENERAL] SECURITY RELEASES available: Evergreen 2.7.1, 2.6.4, and 2.5.8

Galen Charlton gmc at esilibrary.com
Wed Nov 5 16:16:08 EST 2014


On behalf of the Evergreen contributors, the 2.7.x release maintainer
(Ben Shum) and the 2.6.x and 2.5.x release maintainer (Dan Wells), we
are pleased to announce the release of Evergreen 2.7.1, 2.6.4, and
2.5.8.

The new releases can be downloaded from:

http://evergreen-ils.org/egdownloads/

THESE RELEASES CONTAIN SECURITY UPDATES, so you will want to upgrade
as soon as possible.

In particular, they fix a bug where even if a user had logged out of
the Evergreen public catalog, their login session was not removed.
This would permit somebody who had access to the user’s session cookie
to impersonate that user and gain access to their account and
circulation information.

After installing the Evergreen software update, it is recommended that
memcached be restarted prior to restarting Evergreen services and
Apache.  This will clear out all user login sessions.

All three releases also contain bugfixes that are not related to the
security issue. For more information on the changes in these releases,
please consult the change logs:

2.7.1: http://evergreen-ils.org/downloads/ChangeLog-2.7.0-2.7.1
2.6.4: http://evergreen-ils.org/downloads/ChangeLog-2.6.3-2.6.4
2.5.8: http://evergreen-ils.org/downloads/ChangeLog-2.5.7-2.5.8

Regards,

Galen
-- 
Galen Charlton
Manager of Implementation
Equinox Software, Inc. / The Open Source Experts
email:  gmc at esilibrary.com
direct: +1 770-709-5581
cell:   +1 404-984-4366
skype:  gmcharlt
web:    http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org
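
The following is an added illustration, not Evergreen code and not part of the original message, of the class of bug the announcement describes: a logout that leaves the server-side login session in place, and why restarting the cache clears every session. The dict-backed SessionCache stands in for memcached, and every name here (the "session" cookie, the function names, the user "patron1") is hypothetical.

```python
import secrets

class SessionCache:
    """In-memory stand-in for the memcached session store (assumption)."""
    def __init__(self):
        self._store = {}
    def set(self, key, value):
        self._store[key] = value
    def get(self, key):
        return self._store.get(key)
    def delete(self, key):
        self._store.pop(key, None)
    def flush_all(self):
        # Equivalent in effect to restarting the cache: all sessions vanish.
        self._store.clear()

def login(cache, username):
    token = secrets.token_hex(16)
    cache.set(token, {"user": username})
    return token  # handed to the browser as the session cookie value

def logout_client_only(cache, cookies):
    """Flawed pattern: the browser forgets the cookie, the server keeps the session."""
    cookies.pop("session", None)

def logout_server_side(cache, cookies):
    """Corrected pattern: the session entry is deleted from the store as well."""
    token = cookies.pop("session", None)
    if token is not None:
        cache.delete(token)

def whoami(cache, token):
    """Return the user a token still authenticates as, or None if it is dead."""
    session = cache.get(token)
    return session["user"] if session else None

def demo():
    cache, results = SessionCache(), {}
    cookies = {"session": login(cache, "patron1")}
    retained = cookies["session"]  # a copy of the cookie value kept elsewhere
    logout_client_only(cache, cookies)
    results["after_client_only_logout"] = whoami(cache, retained)
    cache.flush_all()  # the post-upgrade cache restart
    results["after_cache_flush"] = whoami(cache, retained)
    cookies = {"session": login(cache, "patron1")}
    retained = cookies["session"]
    logout_server_side(cache, cookies)
    results["after_server_side_logout"] = whoami(cache, retained)
    return results

if __name__ == "__main__":
    print(demo())
```

A useful post-upgrade check follows the same shape: log in, record the session cookie, log out, and confirm that a request carrying the recorded cookie is no longer treated as authenticated.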

