On behalf of the Evergreen contributors, the 2.3.x release maintainer (Bill Erickson), the 2.2.x release maintainer (Lebbeous Fogle-Weekley), and the 2.1.x release maintainer (Dan Scott), we are pleased to announce the release of Evergreen 2.3.3, 2.2.5, and 2.1.5.

Links to downloads and documentation can be found at http://evergreen-ils.org/downloads.php and http://evergreen-ils.org/opensrf.php. The 2.3.3 and 2.2.5 releases also contain bugfixes not related to security.

THESE RELEASES CONTAIN SECURITY UPDATES, so you will want to upgrade as soon as possible. In particular, the pcrud, cstore, and rstore services are susceptible to an SQL injection attack. Any user, including library staff and patrons, who can authenticate to Evergreen can potentially make arbitrary SQL run on the Evergreen database.

More information about the security updates and other bugfixes can be found in the ChangeLogs:

2.3.3: http://evergreen-ils.org/downloads/ChangeLog-2.3.2-2.3.3
2.2.5: http://evergreen-ils.org/downloads/ChangeLog-2.2.4-2.2.5
2.1.5: http://evergreen-ils.org/downloads/ChangeLog-2.1.4-2.1.5

If you don’t wish to upgrade Evergreen outright to the latest version, sites running 2.1, 2.2, or 2.3 releases today can get the benefit of the security updates by installing a hot fix. The procedure for doing so is described at: http://evergreen-ils.org/blog/?p=884

--
Galen Charlton
Manager of Implementation
Equinox Software, Inc. / The Open Source Experts
email: [email protected]
direct: +1 770-709-5581
cell: +1 404-984-4366
skype: gmcharlt
web: http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org
