Serials Module Security Notice - Evergreen 2.0.0-2.0.6

In the course of improving the Serials module, it was found that permissions had not been correctly applied to the "Serial Control View" interface. This affects Evergreen versions 2.0.0 thru 2.0.6. If you are using the Serials module in Evergreen 2.0, it is strongly suggested that you follow the steps below to manually replace the affected file. If you are not using the Serials module, you may safely ignore this notice.

Follow these steps to resolve this issue:

1. Login to your Evergreen server as the opensrf user
2. Download the updated version of Serial.pm:

   wget http://svn.open-ils.org/trac/ILS/export/20451/branches/rel_2_0/Open-ILS/src/perlmods/OpenILS/Application/Serial.pm

3. Move the file to your OpenILS installation (usually /openils/, adjust as needed):

   mv Serial.pm /openils/lib/perl5/OpenILS/Application/

4. Restart the open-ils.serial service:

   export OSRF_HOSTNAME="localhost";opensrf-perl.pl --pid-dir /openils/var/run/ --action restart --service open-ils.serial --config /openils/conf/opensrf_core.xml

   The OSRF_HOSTNAME must match your <hosts> entry in opensrf.xml; adjust if necessary. Also, as in the previous command, replace all appearances of /openils/ with your actual installation directory if you installed to a non-standard location.