Docs: Move security bug fix note into the Bug Fixes area of 2.7 RELEASE NOTES

author Ben Shum <bshum@biblio.org>

Fri, 10 Apr 2015 14:43:31 +0000 (10:43 -0400)

committer Ben Shum <bshum@biblio.org>

Fri, 10 Apr 2015 14:49:44 +0000 (10:49 -0400)
author Ben Shum <bshum@biblio.org>
Fri, 10 Apr 2015 14:43:31 +0000 (10:43 -0400)
committer Ben Shum <bshum@biblio.org>
Fri, 10 Apr 2015 14:49:44 +0000 (10:49 -0400)
diff --git a/docs/RELEASE_NOTES_2_7.txt b/docs/RELEASE_NOTES_2_7.txt

index 49f3c36..12d3bef 100644 (file)
--- a/docs/RELEASE_NOTES_2_7.txt
+++ b/docs/RELEASE_NOTES_2_7.txt
@@ -379,6 +379,16 @@ http://sitemaps.org specification, including:
  Bug Fixes
  ---------
  
+IMPORTANT SECURITY INFORMATION
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+A serious security flaw that allows unauthorized remote access to
+organizational unit settings is fixed in the following releases of
+Evergreen: 2.5.9, 2.6.7, and 2.7.4.  All prior releases of Evergreen
+are vulnerable to exploitation of this flaw to reveal sensitive system
+information.  If you are running a vulnerable release of Evergreen you
+are *strongly* encouraged to upgrade to a non-vulnerable release as
+soon as possible.
+
  Set resource limits for Clark Kent
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Several parameters are now available for the reporter daemon process
author	Ben Shum <bshum@biblio.org>
	Fri, 10 Apr 2015 14:43:31 +0000 (10:43 -0400)
committer	Ben Shum <bshum@biblio.org>
	Fri, 10 Apr 2015 14:49:44 +0000 (10:49 -0400)