Good afternoon all! The Evergreen Core Team (that is, the committer, security and release teams) are currently prepping for several new releases. At the least will be 2.1.0 and 2.0.10. Depending on certain details, there may also be a 1.6.1.9. As of now, the plan is to cut these releases for upload on either Monday or Tuesday of next week, October 3rd or 4th.
Why are we letting you know now, rather than at release time as we usually do? Good question. Included in these releases will be several important security fixes, and we want to make sure that everyone has time to plan an upgrade as soon as possible, while at the same time getting these releases out as early as possible to limit exposure to existing installations. It is important to note, that to the best of our knowledge none of the security issues identified for these upcoming releases have any exploits in the wild, and all of them would require a non-trivial amount of effort to construct an attack. **These are precautionary releases.** But, due to the nature of Open Source software, as soon as the fixes are available the vulnerabilities will be visible. Over the next couple days we will be working to tie up the loose ends before release, and as we do so there may be more updates as the details come into sharper focus. -- Mike Rylander | Director of Research and Development | Equinox Software, Inc. / Your Library's Guide to Open Source | phone: 1-877-OPEN-ILS (673-6457) | email: [email protected] | web: http://www.esilibrary.com
