Greetings AtoM community,
Thanks to a security vulnerability report delivered from our community via our Security reporting address (learn more about our Security reporting policy for AtoM here), we are preparing a 2.6.4 security release, which we intend to make available next week, on Thursday, April 15th, 2021. At that time, we will also share more information about the nature of the vulnerability.
The issue reported also affects earlier 2.4 and 2.5 releases. Additionally, we’re aware that many of you may have just upgraded to 2.6.3. To provide the widest possible coverage, as well as give recently upgraded users a way to avoid a fresh install, we will also be making patches available for 2.4, 2.5, and 2.6 releases that can be applied in-place without upgrading. Note that these patches will not increment the release version number in Admin > Settings, but will patch the security vulnerability.
Thank you in advance for your patience and understanding! Extra big thank you to our community for continuing to report these kinds of issues to us, so we can fix them and make AtoM as secure as possible.
Stay tuned for a release announcement next Thursday!
For more information, you can check out:
The Roadmap page on the AtoM wiki
The AtoM project’s Security and Reporting Policy
Thanks,