Greetings AtoM community,
Thanks to a security vulnerability report delivered from our community via our Security reporting address (learn more about our Security reporting policy for AtoM here), we have made some changes to our upcoming release plans as they were announced in the forum in December of 2020.
On December 21, 2020, we announced in the user forum an upcoming 2.6.2 release that, in addition to other bug fixes, would include a replacement for AtoM’s now-deprecated Flash-based multi-uploader. We are still finalizing this release, but it has been delayed slightly as we have worked to address the security vulnerability reported in AtoM 2.4, 2.5, and 2.6.
In light of this, we are now planning to release 2.6.2 as a security patch release on Thursday, February 4th, 2021. We encourage all AtoM users to upgrade to this version as soon as possible. We will also make patches available for 2.4 and 2.5 users who do not wish to upgrade at this time. Further details on the nature of the vulnerability will be made public on the day of the release.
In the meantime, AtoM’s Flash multiuploader replacement and other bug fixes will be targeted for release 2.6.3. We hope to have this release finalized in the coming weeks, and apologise for the delay.
As of now, our next major feature release, AtoM 2.7, is still slated for release in Q3 of 2021.
For more information, you can check out:
The Roadmap page on the AtoM wiki
The user forum release update announcement from December 21, 2020
The AtoM project’s Security and Reporting Policy