UPCOMING AtoM 2.6.2 SECURITY RELEASE (and news on other upcoming releases)

283 views
Skip to first unread message

Dan Gillean

unread,
Jan 28, 2021, 12:56:41 PM1/28/21
to ICA-AtoM Users

Greetings AtoM community, 


Thanks to a security vulnerability report delivered from our community via our Security reporting address (learn more about our Security reporting policy for AtoM here), we have made some changes to our upcoming release plans as they were announced in the forum in December of 2020. 


On December 21, 2020, we announced in the user forum an upcoming 2.6.2 release that, in addition to other bug fixes, would include a replacement for AtoM’s now-deprecated Flash-based multi-uploader. We are still finalizing this release, but it has been delayed slightly as we have worked to address the security vulnerability reported in AtoM 2.4, 2.5, and 2.6. 


In light of this, we are now planning to release 2.6.2 as a security patch release on Thursday, February 4th, 2021. We encourage all AtoM users to upgrade to this version as soon as possible. We will also make patches available for 2.4 and 2.5 users who do not wish to upgrade at this time. Further details on the nature of the vulnerability will be made public on the day of the release. 


In the meantime, AtoM’s Flash multiuploader replacement and other bug fixes will be targeted for release 2.6.3. We hope to have this release finalized in the coming weeks, and apologise for the delay. 


As of now, our next major feature release, AtoM 2.7, is still slated for release in Q3 of 2021. 


For more information, you can check out:



Thanks again for your patience, and stay tuned for further updates on 2.6.2 and 2.6.3. 

Cheers, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory
he / him

Dan Gillean

unread,
Feb 4, 2021, 5:28:09 PM2/4/21
to ICA-AtoM Users
FYI, the 2.6.2 security release is now available. 
The 2.6.2 release page also includes more information on the nature of the security vulnerability we've patched. 

For users who are unable to upgrade at this time, we've provided patches for 2.4, 2.5, and 2.6 on the related issue ticket, along with basic instructions for applying the patch. See: 
If you have any questions about this release, please post them on the Release announcement thread! 

Regards, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory
he / him

Reply all
Reply to author
Forward
0 new messages