Greetings AtoM community members,
We have a new security release available today for public download and installation.
AtoM 2.6.2 includes just one issue fix (#13470), patching a blind SQL injection vulnerability on the clipboard. We would like to thank the United Nations Archives and Records Management Section and the Carleton University Library for reporting this issue to us, using our Security reporting guidelines. Further details have been included on the official 2.6.2 release page on the AtoM wiki.
This issue affects releases 2.4.x, 2.5.x, and 2.6.x. We recommend all users upgrade to version 2.6.2 as soon as possible. Visit the Downloads page to download the most recent release, and consult the 2.6 Upgrading and Installation guides in our documentation for further information.
For users who are unable to upgrade at this time, patches for 2.4, 2.5, and 2.6 have been made available that can be applied directly to a production installation, along with basic instructions for applying the patch, on the related issue ticket. See:
Our next AtoM release will be 2.6.3, which will include bug fixes and a replacement for AtoM’s Flash-based multi-uploader. Please see this previous forum thread for more information:
Release 2.7 is loosely slated for release in Q3 of 2021.
As always please let us know if you have any questions!
Cheers,
--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/5c71f9b0-420c-4823-bb96-b0539615f918n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/CAEz_m%3DTQKy9gujucu7x7-WJwVJeKVWgXcHFOGQOLtgdASLq4mg%40mail.gmail.com.