From dave.macfarlane at mcin.ca Tue Oct 3 13:32:53 2023
From: dave.macfarlane at mcin.ca (Dave MacFarlane)
Date: Tue, 3 Oct 2023 13:32:53 -0400
Subject: [Loris-dev] v24.1.5 and v25.0.1 LORIS Releases
Message-ID:

We recently discovered a security issue with the media module in LORIS where there was a potential for an SQL injection in the module. A fix has been included in v25.0.1 as well as v24.1.5 for projects that can't upgrade to v25 yet (it also includes a number of other non-security related bug fixes that had not been released.) It's highly recommended that you upgrade.

If you're running an older, unsupported version of LORIS and can't upgrade, you'll need to incorporate the changes from https://github.com/aces/Loris/pull/8908 into an override or disable the media module to protect yourself from the potential SQL injection attack.