The Evergreen Project has issued the following security releases:
- 3.15.13
- 3.16.7
- 3.17.1
These security releases fix several vulnerabilities, including ones that allow the remote execution of arbitrary SQL statements in the Evergreen database, as well as cross-site scripting vulnerabilities.
These releases are available on the downloads page.
We strongly recommend installing the security release for your version immediately.
The security bugs fixed in these releases are:
- Bug 2152789
- Bug 2152788
- Bug 2152787
- Bug 2152786
- Bug 2152785
- Bug 2152784
- Bug 2152783
- Bug 2152782
- Bug 2152781
- Bug 2152780
These bugs will be made publicly visible after the security release is generally available.
If you are running a version of Evergreen earlier than 3.15, please consult with your service provider or review the fixes in Git to update your system.
We would like to thank Brian A. Egge for responsibly reporting the vulnerabilities included in this release.
These releases also include other bugfixes, which are detailed in the release notes available on the downloads page.
Thank you to the release teams: Galen Charlton (Equinox), Martha Driscoll (NOBLE), Gina Monti (Bibliomation), Sarah Moody (ECDI), Michele Morgan (NOBLE), and Andrea Buntz Neiman (Equinox).
