From 27c608caa49c2c50983843ce9154e90af32d1bff Mon Sep 17 00:00:00 2001
From: Jason Stephenson <jstephenson@mvlc.org>
Date: Thu, 19 Feb 2015 11:17:08 -0500
Subject: [PATCH] LP#1424755: Add IMPORTANT SECURITY INFORMATION release note.

Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Ben Shum <bshum@biblio.org>
---
 docs/RELEASE_NOTES_NEXT/security-bug-fix.txt | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 docs/RELEASE_NOTES_NEXT/security-bug-fix.txt

diff --git a/docs/RELEASE_NOTES_NEXT/security-bug-fix.txt b/docs/RELEASE_NOTES_NEXT/security-bug-fix.txt
new file mode 100644
index 0000000000..03d83cd6e8
--- /dev/null
+++ b/docs/RELEASE_NOTES_NEXT/security-bug-fix.txt
@@ -0,0 +1,9 @@
+IMPORTANT SECURITY INFORMATION
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+A serious security flaw that allows unauthorized remote access to
+organizational unit settings is fixed in the following releases of
+Evergreen: 2.5.9, 2.6.7, and 2.7.4.  All prior releases of Evergreen
+are vulnerable to exploitation of this flaw to reveal sensitive system
+information.  If you are running a vulnerable release of Evergreen you
+are *strongly* encouraged to upgrade to a non-vulnerable release as
+soon as possible.
-- 
2.43.2