On Wed, Apr 17, 2013 at 12:31:50PM -0700, Galen Charlton wrote:
...
> THESE RELEASES CONTAIN SECURITY UPDATES. We strongly recommend that
> you upgrade as soon as possible.
>
> The pcrud, cstore, and rstore services are susceptible to an SQL
> injection attack. Any user can potentially make arbitrary SQL run on
> the Evergreen database.
...

Can you confirm that applying just this commit to an existing 2.2 tree
and rebuilding the C drones will fix this security issue?

http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=34c0a980a1a17b1d1649ede361533a9bcfc6e020

--
Robin Hugh Johnson
SITKA: Sysadmin
Phone: 1-855-383-5761 ext 1010
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
