Daily Archives: 6/27/2010


Security vulnerability in Evergreen 1.6: patch or upgrade advised

On Thursday, June 17th, we realized that the open-ils.pcrud service, which provides permission-protected access to Evergreen data in the 1.6 release series, was subject to a security vulnerability. The vulnerability allows a user to access objects outside of the permissions they have been granted by supplying fleshing arguments to the […]