Difference between revisions of "Releases/Release announcements/Release 2.6.4"

From AtoM wiki
(Update release page on release day!)
m (fix typo in tarball link)
Line 4: Line 4:
 
'''Release date''': April 15, 2021
 
'''Release date''': April 15, 2021
  
'''Download link''': [http://storage.accesstomemory.org/releases/atom-2.6.4.tar.gz atom-2.6.4.tar.gz] (17 MB)
+
'''Download link''': [https://storage.accesstomemory.org/releases/atom-2.6.4.tar.gz atom-2.6.4.tar.gz] (17 MB)
  
 
'''Database schema version''': v184
 
'''Database schema version''': v184

Revision as of 15:43, 15 April 2021

Main Page > Releases > Releases/Release announcements > Release 2.6.4

Release date: April 15, 2021

Download link: atom-2.6.4.tar.gz (17 MB)

Database schema version: v184

Release 2.6.4 is a security patch release for the 2.6.x AtoM releases. It includes one bug fix to address a recently discovered security vulnerability affecting AtoM 2.4, 2.5, and 2.6, and an unrelated internal code optimization. Further disclosure details will be included here once the release is publicly available.

Visit the Downloads page to download the most recent release, and consult the 2.6 Upgrading and Installation guides in our documentation for further information.

Security patch

  • #13495

Thanks to a security report from the United Nations Archives and Records Management Section, we have patched a cross-site scripting (XSS) vulnerability found on the Clipboard export page. This was missed in previous testing because it requires a specific order of clicks to activate the vulnerability. A third-party security researcher reported this to UN ARMS, who then passed on the information to Artefactual. We have reproduced the issue, and confirmed that it also affects 2.4.x and 2.5.x releases as well as all previous 2.6.x releases.

This 2.6.4 release includes a fix that patches the vulnerability. We recommend that all users upgrade to 2.6.4 as soon as possible.

While we are not preparing full release tarballs for 2.5.x and 2.4.x, you will also find patches for these releases, as well as 2.6.x, that can be applied locally if upgrading to 2.6.4 is not an option. The patch and basic installation instructions can be found on the related issue ticket - see:

Links

Seealso

For a full list of issues related to the 2.6.4 release, see the following link to our issue tracker: