The Outreach Committee is glad to share that all of the 2024 Evergreen ILS online conference videos are now up on YouTube.
Evergreen and OpenSRF Security Releases: Evergreen 3.10.5, 3.11.6, 3.12.4, 3.13.1; OpenSRF 3.2.5 and 3.3.1
The Evergreen Project announces security releases for Evergreen and OpenSRF.
The Evergreen releases are:
- 3.10.5
- 3.11.6
- 3.12.4
- 3.13.1
The Evergreen releases include fixes for the following issues:
- Two reflected XSS (cross-site scripting) vulnerabilities that would permit execution of arbitrary JavaScript in the user’s web browser
- An insecure direct object reference (IDOR) vulnerability that allows for constructing URLs that can access arbitrary Action Trigger event output, including data related to patron circulation notices
The IDOR vulnerability is considered critical; all Evergreen sites are recommended to upgrade or apply the fixes as soon as possible.
The OpenSRF releases are:
- 3.2.5
- 3.3.1
The OpenSRF releases fix a buffer overflow and a race condition that can crash Perl services. There are no known exploits for either issue, but Evergreen sites are nonetheless recommended to upgrade OpenSRF.
Additional information, including the new releases and release notes with instructions for applying the fixes, can be found on the downloads pages for Evergreen and OpenSRF.
Evergreen Returns to ALA Annual Conference
The Evergreen community is hosting a session this weekend at the American Library Association Annual Conference & Exhibition in San Diego. The session, "From User Group to Community: Software for Libraries by Libraries," is scheduled for 2:30 to 3:30 p.m. PDT Saturday, June 29, at the Marriott Marquis in the Miramar Room.