From: Jason Stephenson <jstephenson@mvlc.org>
Date: Thu, 19 Feb 2015 16:17:08 +0000 (-0500)
Subject: LP#1424755: Add IMPORTANT SECURITY INFORMATION release note.
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=1756c8142a01694afb42eeced2d171e8635bd532;p=working%2FEvergreen.git

LP#1424755: Add IMPORTANT SECURITY INFORMATION release note.

Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Ben Shum <bshum@biblio.org>
---

diff --git a/docs/RELEASE_NOTES_NEXT/security-bug-fix.txt b/docs/RELEASE_NOTES_NEXT/security-bug-fix.txt
new file mode 100644
index 0000000000..03d83cd6e8
--- /dev/null
+++ b/docs/RELEASE_NOTES_NEXT/security-bug-fix.txt
@@ -0,0 +1,9 @@
+IMPORTANT SECURITY INFORMATION
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+A serious security flaw that allows unauthorized remote access to
+organizational unit settings is fixed in the following releases of
+Evergreen: 2.5.9, 2.6.7, and 2.7.4.  All prior releases of Evergreen
+are vulnerable to exploitation of this flaw to reveal sensitive system
+information.  If you are running a vulnerable release of Evergreen you
+are *strongly* encouraged to upgrade to a non-vulnerable release as
+soon as possible.