[OPEN-ILS-GENERAL] SECURITY RELEASES: 2.7.4, 2.6.7, and 2.5.9

Galen Charlton gmc at esilibrary.com
Tue Mar 3 17:57:49 EST 2015


On behalf of the Evergreen contributors, the 2.7.x release maintainer
(Ben Shum) and the 2.6.x and 2.5.x release maintainer (Dan Wells), we
are pleased to announce the release of Evergreen 2.7.4, 2.6.7, and
2.5.9.

The new releases can be downloaded from:

http://evergreen-ils.org/egdownloads/

THESE RELEASES CONTAIN SECURITY UPDATES, so you will want to upgrade
as soon as possible.

In particular, the following security issues are fixed:

Bug 1424755: This bug allows unauthorized remote access to the value
of certain library settings that are meant to be confidential.
Bug 1206589: This bug allows unauthorized remote access to the log of
changes to library settings, including ones meant to be confidential.

All prior supported releases are vulnerable to these bugs.

All three of these new releases also contain bugfixes that are not related
to the security issues. For more information on the changes in these
releases, please consult their change logs.

Please note that 2.5.9 is the last release expected in the 2.5.x series.

It is recommended that all Evergreen sites upgrade to one of the new
releases as soon as possible.

For additional information, including instructions on how to apply
hotfixes for the security issues, please see
http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/

-- 
Galen Charlton
Infrastructure and Added Services Manager
Equinox Software, Inc. / The Open Source Experts
email:  gmc at esilibrary.com
direct: +1 770-709-5581
cell:   +1 404-984-4366
skype:  gmcharlt
web:    http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org

