From 365cf81d53182d0a8b7ff5911e91f7c3d6cab409 Mon Sep 17 00:00:00 2001
From: Ben Shum <bshum@biblio.org>
Date: Fri, 10 Apr 2015 10:43:31 -0400
Subject: [PATCH] Docs: Move security bug fix note into the Bug Fixes area of
 2.7 RELEASE NOTES

Signed-off-by: Ben Shum <bshum@biblio.org>
---
 docs/RELEASE_NOTES_2_7.txt | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/RELEASE_NOTES_2_7.txt b/docs/RELEASE_NOTES_2_7.txt
index 49f3c36d66..12d3bef969 100644
--- a/docs/RELEASE_NOTES_2_7.txt
+++ b/docs/RELEASE_NOTES_2_7.txt
@@ -379,6 +379,16 @@ http://sitemaps.org specification, including:
 Bug Fixes
 ---------
 
+IMPORTANT SECURITY INFORMATION
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+A serious security flaw that allows unauthorized remote access to
+organizational unit settings is fixed in the following releases of
+Evergreen: 2.5.9, 2.6.7, and 2.7.4.  All prior releases of Evergreen
+are vulnerable to exploitation of this flaw to reveal sensitive system
+information.  If you are running a vulnerable release of Evergreen you
+are *strongly* encouraged to upgrade to a non-vulnerable release as
+soon as possible.
+
 Set resource limits for Clark Kent
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Several parameters are now available for the reporter daemon process
-- 
2.11.0