From 612ea9423f84caa6d89232a293975a0abed02532 Mon Sep 17 00:00:00 2001 From: Ben Shum Date: Fri, 10 Apr 2015 10:53:59 -0400 Subject: [PATCH] Docs: Update 2.6 RELEASE NOTES to include new section on Bug Fixes Signed-off-by: Ben Shum --- docs/RELEASE_NOTES_2_6.txt | 46 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/docs/RELEASE_NOTES_2_6.txt b/docs/RELEASE_NOTES_2_6.txt index 23f86d54ff..af7701de2b 100644 --- a/docs/RELEASE_NOTES_2_6.txt +++ b/docs/RELEASE_NOTES_2_6.txt 
@@ -490,6 +490,52 @@ revisions target level "AA" of compliance. For more information on WCAG, see http://www.w3.org/WAI/intro/wcag +Bug Fixes +--------- + +IMPORTANT SECURITY INFORMATION +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +A serious security flaw that allows unauthorized remote access to +organizational unit settings is fixed in the following releases of +Evergreen: 2.5.9, 2.6.7, and 2.7.4. All prior releases of Evergreen +are vulnerable to exploitation of this flaw to reveal sensitive system +information. If you are running a vulnerable release of Evergreen you +are *strongly* encouraged to upgrade to a non-vulnerable release as +soon as possible. + +Set resource limits for Clark Kent +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Several parameters are now available for the reporter daemon process +(`clark-kent.pl`) to control resource usage. These can be used to +reduce the chances that a malformed report can cause indigestion +on a database or reports server. The new parameters, which can be +set in `opensrf.xml` or as command-line switches for `clark-kent.pl` are + +* `//reporter/setup/statement_timeout` / `--statement-timeout` + +Number of minutes to allow a report's underlying SQL query +to run before it gets cancelled. Default value is +60 minutes. If a report's query gets cancelled, the +error_text value will be set to a valid that indicates that +the allowed time was exceeded. + +* `//reporter/setup/max_rows_for_charts` / `--max-rows-for-charts` + +Number of rows permitted in the query's output before +Clark Kent refuses to attempt to draw a graph. Default +value is 1,000 rows. + +* `//reporter/setup/resultset_limit` / `--resultset-limit` + +If set, truncates the report's output to the specified +number of hits. Note that it will not be apparent +to a staff user if the report's output has been +truncated. Default value is unlimited. 
+ +The report concurrency (i.e., the number of reports that Clark +Kent will run in parallel) can now also be controlled via +the `opensrf.xml` setting `//reporter/setup/parallel`. + Acknowledgments --------------- The Evergreen project would like to acknowledge the following -- 2.43.2
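Review bot: In the `statement_timeout` entry of the "Set resource limits for Clark Kent" section, "the error_text value will be set to a valid that indicates that the allowed time was exceeded" looks like a typo for "set to a value that indicates"; please fix it before merging, since admins will search report errors based on this sentence. In the same section, the sentence introducing the parameter list ends at "`clark-kent.pl` are" with no colon, and the closing paragraph on `//reporter/setup/parallel` gives no default and no command-line switch, although the three listed parameters each state both; add them, or say explicitly that there are none. The `resultset_limit` entry says truncation is not apparent to a staff user, so it is worth recommending that sites which set it tell report users about the limit. In the "IMPORTANT SECURITY INFORMATION" section, the notice names the fixed releases (2.5.9, 2.6.7, 2.7.4) but carries no reference to a bug report or advisory; a link would let administrators confirm whether their installation is affected and what the exposed organizational unit settings are.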