zzz_archive:security_notice:serials_module
Serials Module Security Notice - Evergreen 2.0.0-2.0.6
In the course of improving the Serials module, it was found that permissions had not been correctly applied to the "Serial Control View" interface. This affects Evergreen versions 2.0.0 thru 2.0.6. If you are using the Serials module in Evergreen 2.0, it is strongly suggested that you follow the steps below to manually replace the affected file. If you are not using the Serials module, you may safely ignore this notice.
Follow these steps to resolve this issue:
- Login to your Evergreen server as the
opensrf
user - Download the updated version of Serial.pm:
wget http://svn.open-ils.org/trac/ILS/export/20451/branches/rel_2_0/Open-ILS/src/perlmods/OpenILS/Application/Serial.pm
- Move the file to your OpenILS installation (usually
/openils/
, adjust as needed):mv Serial.pm /openils/lib/perl5/OpenILS/Application/
- Restart the
open-ils.serial
service:export OSRF_HOSTNAME="localhost";opensrf-perl.pl --pid-dir /openils/var/run/ --action restart --service open-ils.serial --config /openils/conf/opensrf_core.xml
The
OSRF_HOSTNAME
must match your<hosts>
entry inopensrf.xml
; adjust if necessary. Also, as in the previous command, replace all appearances of/openils/
with your actual installation directory if you installed to a non-standard location.
zzz_archive/security_notice/serials_module.txt · Last modified: 2022/02/10 13:34 by 127.0.0.1