From: Ben Shum
Date: Fri, 10 Apr 2015 14:53:59 +0000 (-0400)
Subject: Docs: Update 2.6 RELEASE NOTES to include new section on Bug Fixes
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=d7911f9bc5bb6167e8e9a60aa9c21fa54c9077d9;p=evergreen%2Fpines.git

Docs: Update 2.6 RELEASE NOTES to include new section on Bug Fixes

Signed-off-by: Ben Shum
---

diff --git a/docs/RELEASE_NOTES_2_6.txt b/docs/RELEASE_NOTES_2_6.txt
index 23f86d54ff..af7701de2b 100644
--- a/docs/RELEASE_NOTES_2_6.txt
+++ b/docs/RELEASE_NOTES_2_6.txt
@@ -490,6 +490,52 @@ revisions target level "AA" of compliance. For more information on WCAG, see http://www.w3.org/WAI/intro/wcag +Bug Fixes +--------- + +IMPORTANT SECURITY INFORMATION +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +A serious security flaw that allows unauthorized remote access to +organizational unit settings is fixed in the following releases of +Evergreen: 2.5.9, 2.6.7, and 2.7.4. All prior releases of Evergreen +are vulnerable to exploitation of this flaw to reveal sensitive system +information. If you are running a vulnerable release of Evergreen you +are *strongly* encouraged to upgrade to a non-vulnerable release as +soon as possible. + +Set resource limits for Clark Kent +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Several parameters are now available for the reporter daemon process +(`clark-kent.pl`) to control resource usage. These can be used to +reduce the chances that a malformed report can cause indigestion +on a database or reports server. The new parameters, which can be +set in `opensrf.xml` or as command-line switches for `clark-kent.pl` are + +* `//reporter/setup/statement_timeout` / `--statement-timeout` + +Number of minutes to allow a report's underlying SQL query +to run before it gets cancelled. Default value is +60 minutes. If a report's query gets cancelled, the +error_text value will be set to a valid that indicates that +the allowed time was exceeded. + +* `//reporter/setup/max_rows_for_charts` / `--max-rows-for-charts` + +Number of rows permitted in the query's output before +Clark Kent refuses to attempt to draw a graph. Default +value is 1,000 rows. + +* `//reporter/setup/resultset_limit` / `--resultset-limit` + +If set, truncates the report's output to the specified +number of hits. Note that it will not be apparent +to a staff user if the report's output has been +truncated. Default value is unlimited. 
+ +The report concurrency (i.e., the number of reports that Clark +Kent will run in parallel) can now also be controlled via +the `opensrf.xml` setting `//reporter/setup/parallel`. + Acknowledgments --------------- The Evergreen project would like to acknowledge the following
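Review bot: In the `--statement-timeout` entry, "the error_text value will be set to a valid that indicates that the allowed time was exceeded" contains a typo; "valid" should read "value" (or "message"). The sentence introducing the parameter list also ends on "are" with no colon before the bullets. In the IMPORTANT SECURITY INFORMATION paragraph, the fixed releases (2.5.9, 2.6.7, 2.7.4) are named but there is no bug or advisory reference, so an administrator cannot tell from these notes which interface exposes the organizational unit settings or how to check whether a site is affected; a link to the tracking bug would help. For `resultset_limit`, the text already admits that truncation "will not be apparent to a staff user"; it would be worth saying where an administrator can see that a limit was applied, or recommending that sites tell report users when they set it. The closing paragraph gives `//reporter/setup/parallel` with no default and, unlike the three entries above it, no command-line switch; state the default and whether a switch exists.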