Critical Vulnerability in Islandora 2.x

[comm...@islandora.ca]

Yesterday afternoon, a critical vulnerability in Islandora 2.x was identified by the team at discoverygarden that permits anonymous users to add content to a repository. This issue has been patched and fixed in the new 2.4.1 release.

This affects:

• 2.x releases <= 2.4.0

• The 8.x-1.x-dev branch (which is deprecated, please upgrade to 2.4.1)

Fixed on:

• 2.4.1

We recommend all Islandora 2x users update immediately to avoid being affected by this vulnerability.

Warm thanks to all involved in the timely identification and resolution of this issue.

Best,

Isabella (on behalf of the Technical Advisory Group)