The Outreach Committee is glad to share that all of the 2024 Evergreen ILS online conference videos are now up on YouTube.
Evergreen and OpenSRF Security Releases: Evergreen 3.10.5, 3.11.6, 3.12.4, 3.13.1; OpenSRF 3.2.5 and 3.3.1
The Evergreen Project announces security releases for Evergreen and OpenSRF.
The Evergreen releases are:
- 3.10.5
- 3.11.6
- 3.12.4
- 3.13.1
The Evergreen releases include fixes for the following issues:
- Two reflected XSS (cross-site scripting) vulnerabilities that would permit execution of arbitrary JavaScript by the user’s web browser
- An insecure direct object reference (IDOR) vulnerability that allows for constructing URLs that can access arbitrary Action Trigger event output, including data related to patron circulation notices
The IDOR vulnerability is considered critical; all Evergreen sites are recommended to upgrade or apply the fixes as soon as possible.
The OpenSRF releases are:
- 3.2.5
- 3.3.1
The OpenSRF releases fix a buffer overflow and a race condition that can crash Perl services. There are no known exploits for either issue, but Evergreen sites are nonetheless recommended to upgrade OpenSRF.
Additional information, including the new releases and release notes with instructions for applying the fixes, can be found on the downloads pages for Evergreen and OpenSRF.
Evergreen 3.13.0 Released
The Evergreen Community is pleased to announce Evergreen 3.13.0. This is a major feature release, and we are especially proud to note that the multiyear project of converting pre-webclient interfaces to Angular is complete with this release.
Other notable features of 3.13.0 include:
- A fully rewritten enhanced MARC editor interface
- Angular ports of the Reports, Invoices, Claims, Circ Policies, and Z39.50 interfaces
- A tool for administrators to redact or obfuscate selected SIP data, as well as a new SIP management component ‘SIP2Mediator’
- Numerous accessibility improvements, including updates to Evergreen’s grid component, color contrast updates, button placement improvements, and more.
Please see the release notes for more information about 3.13.0.
The Evergreen Community thanks everyone who contributed to this release! A full list can be seen in the Acknowledgments section of the release notes.
Download files and additional information are available on the Evergreen downloads page.
On behalf of the 3.13 release team,
Bill Erickson (King County Library System)
Blake Graham-Henderson (MOBIUS)
Stephanie Leary (Equinox Open Library Initiative)
Shula Link (Greater Clarks Hill Regional Library)
Andrea Buntz Neiman (Equinox Open Library Initiative)