From 33fb80b95b74fcded5b02cb8fde3d76b9847217a Mon Sep 17 00:00:00 2001 From: Ben Shum Date: Fri, 10 Apr 2015 10:43:31 -0400 Subject: [PATCH] Docs: Move security bug fix note into the Bug Fixes area of 2.7 RELEASE NOTES Signed-off-by: Ben Shum --- docs/RELEASE_NOTES_2_7.txt | 10 ++++++++++ docs/RELEASE_NOTES_NEXT/security-bug-fix.txt | 9 --------- 2 files changed, 10 insertions(+), 9 deletions(-) delete mode 100644 docs/RELEASE_NOTES_NEXT/security-bug-fix.txt diff --git a/docs/RELEASE_NOTES_2_7.txt b/docs/RELEASE_NOTES_2_7.txt index 49f3c36d66..12d3bef969 100644 --- a/docs/RELEASE_NOTES_2_7.txt +++ b/docs/RELEASE_NOTES_2_7.txt @@ -379,6 +379,16 @@ http://sitemaps.org specification, including: Bug Fixes --------- +IMPORTANT SECURITY INFORMATION +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +A serious security flaw that allows unauthorized remote access to +organizational unit settings is fixed in the following releases of +Evergreen: 2.5.9, 2.6.7, and 2.7.4. All prior releases of Evergreen +are vulnerable to exploitation of this flaw to reveal sensitive system +information. If you are running a vulnerable release of Evergreen you +are *strongly* encouraged to upgrade to a non-vulnerable release as +soon as possible. + Set resource limits for Clark Kent ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Several parameters are now available for the reporter daemon process diff --git a/docs/RELEASE_NOTES_NEXT/security-bug-fix.txt b/docs/RELEASE_NOTES_NEXT/security-bug-fix.txt deleted file mode 100644 index 03d83cd6e8..0000000000 --- a/docs/RELEASE_NOTES_NEXT/security-bug-fix.txt +++ /dev/null @@ -1,9 +0,0 @@ -IMPORTANT SECURITY INFORMATION -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -A serious security flaw that allows unauthorized remote access to -organizational unit settings is fixed in the following releases of -Evergreen: 2.5.9, 2.6.7, and 2.7.4. All prior releases of Evergreen -are vulnerable to exploitation of this flaw to reveal sensitive system -information. If you are running a vulnerable release of Evergreen you -are *strongly* encouraged to upgrade to a non-vulnerable release as -soon as possible. -- 2.11.0