LP#1424755: Add IMPORTANT SECURITY INFORMATION release note.

author Jason Stephenson <jstephenson@mvlc.org>

Thu, 19 Feb 2015 16:17:08 +0000 (11:17 -0500)

committer Ben Shum <bshum@biblio.org>

Tue, 3 Mar 2015 23:00:14 +0000 (18:00 -0500)
author Jason Stephenson <jstephenson@mvlc.org>
Thu, 19 Feb 2015 16:17:08 +0000 (11:17 -0500)
committer Ben Shum <bshum@biblio.org>
Tue, 3 Mar 2015 23:00:14 +0000 (18:00 -0500)
diff --git a/docs/RELEASE_NOTES_NEXT/security-bug-fix.txt b/docs/RELEASE_NOTES_NEXT/security-bug-fix.txt

new file mode 100644 (file)

index 0000000..03d83cd
--- /dev/null
+++ b/docs/RELEASE_NOTES_NEXT/security-bug-fix.txt
@@ -0,0 +1,9 @@
+IMPORTANT SECURITY INFORMATION
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+A serious security flaw that allows unauthorized remote access to
+organizational unit settings is fixed in the following releases of
+Evergreen: 2.5.9, 2.6.7, and 2.7.4.  All prior releases of Evergreen
+are vulnerable to exploitation of this flaw to reveal sensitive system
+information.  If you are running a vulnerable release of Evergreen you
+are *strongly* encouraged to upgrade to a non-vulnerable release as
+soon as possible.
author	Jason Stephenson <jstephenson@mvlc.org>
	Thu, 19 Feb 2015 16:17:08 +0000 (11:17 -0500)
committer	Ben Shum <bshum@biblio.org>
	Tue, 3 Mar 2015 23:00:14 +0000 (18:00 -0500)