Release 2.6.2

From AtoM wiki

Main Page > Releases > Releases/Release announcements > Release 2.6.2

Release date: February 4, 2021

Download link: atom-2.6.2.tar.gz (18.7MB)

Database schema version: v184

Release 2.6.2 is a security patch release for the 2.6.0 AtoM release. It includes only one bug fix to address a recently discovered security vulnerability affecting AtoM 2.4, 2.5, and 2.6. Further disclosure details will be included here once the release is publicly available.

Visit the Downloads page to download the most recent release, and consult the 2.6 Upgrading and Installation guides in our documentation for further information.

Security patch

  • #13470 - Clipboard toggle endpoint is vulnerable to SQL injection

Thanks to a security report from the United Nations Archives and Records Management Section and Carleton University Library, we have patched a SQL injection vulnerability caused by a non-parameterized query on the clipboard, an issue found in releases 2.4, 2.5, and 2.6. This is a blind SQL injection vulnerability, which fortunately reduces the range of exploits this might expose - but nevertheless should be taken seriously and addressed quickly.

This 2.6.2 release includes a fix that patches the vulnerability. We recommend that all users upgrade to 2.6.2 as soon as possible. While we are not preparing full release tarballs for 2.5.x and 2.4.x, you will also find patches for these releases, as well as 2.6.x, that can be applied locally if upgrading to 2.6.2 is not an option.



For a full list of issues related to the 2.6.2 release, see the following link to our issue tracker: