The Evergreen Community announces the release of Evergreen 3.8.4, 3.9.3, and 3.10.2. These releases are available from the downloads page.
These releases include various bugfixes as well as fixes for three security issues. One security fix is for an SQL injection, one guards against malicious catalog search queries resulting in a denial of service, and one prevents unrestricted URL redirection upon OPAC login.
It is recommended that all Evergreen sites upgrade as soon as possible.
All of these new releases contain additional bug fixes unrelated to the security issue. For more information on the changes in these releases, please consult their release notes: