[OPEN-ILS-GENERAL] Evergreen security releases: 3.1.15, 3.2.9, 3.3.4, and 3.4-beta2
gmc at equinoxinitiative.org
Thu Sep 19 16:47:28 EDT 2019
On behalf of the Evergreen contributors, we are pleased to announce the
release of Evergreen 3.1.15, 3.2.9, 3.3.4, and 3.4-beta2.
The new releases can be downloaded from:
THESE RELEASES CONTAIN SECURITY UPDATES.
It is recommended that all Evergreen sites upgrade to one of the new
releases as soon as possible.
These releases fix two bugs related to cross-site scripting (XSS)
vulnerabilities in the public catalog.
Bug 1559239: Mitigates a potential risk of having a web page location
changed when opening a link in a new tab. Evergreen administrators should
review whether the following templates have been customized or overridden.
If so, either the template should be replaced with the stock version or the
rel="noopener" attribute added to all anchor (<a/>) tags with a
Bug 1822630: Resolves a problem with not properly sanitizing user input.
When upgrading, Evergreen administrators should review whether any of the
following templates have been customized or overridden. If so, either the
template should be replaced with the stock version or the XSS fix (which
entails adding the | html filter in several places) applied to the
All of these new releases also contain bugfixes that are not related to the
security issues. For more information on the changes in these releases,
Implementation and Services Manager
Equinox Open Library Initiative
phone: 1-877-OPEN-ILS (673-6457)
email: gmc at equinoxInitiative.org
direct: +1 770-709-5581
cell: +1 404-984-4366
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Open-ils-general