[Loris-dev] v24.1.5 and v25.0.1 LORIS Releases

Dave MacFarlane dave.macfarlane at mcin.ca
Tue Oct 3 13:32:53 EDT 2023


We recently discovered a security issue with the media module in LORIS
where there was a potential for an SQL injection in the module. A fix has
been included in v25.0.1 as well as v24.1.5 for projects that can't upgrade
to v25 yet (it also includes a number of other non-security related bug
fixes that had not been released.) It's highly recommended that you upgrade.

If you're running an older, unsupported version of LORIS and can't upgrade,
you'll need to incorporate the changes from
https://github.com/aces/Loris/pull/8908 into an override or disable the
media module to protect yourself from the potential SQL injection attack.