You are viewing the PKP Support Forum | PKP Home Wiki

OJS 2.3.6 Released

Are you an Editor, Author, or Journal Manager in need of help? Want to talk to us about workflow issues? This is your forum.

Moderators: jmacgreg, michael, vgabler, John

Forum rules
This forum is meant for general questions about the usability of OJS from an everyday user's perspective: journal managers, authors, and editors are welcome to post questions here, as are librarians and other support staff. We welcome general questions about the role of OJS and how the workflow works, as well as specific function- or user-related questions.

What to do if you have general, workflow or usability questions about OJS:

1. Read the documentation. We've written documentation to cover from OJS basics to system administration and code development, and we encourage you to read it.

2. take a look at the tutorials. We will continue to add tutorials covering OJS basics as time goes on.

3. Post a question. Questions are always welcome here, but if it's a technical question you should probably post to the OJS Technical Support subforum; if you have a development question, try the OJS Development subforum.

OJS 2.3.6 Released

Postby asmecher » Thu Jun 30, 2011 2:11 pm

The PKP Development Team announces the release of OJS 2.3.6.

OJS 2.3.6 was released to address a security vulnerability affecting all versions of OJS between 2.2.1 and 2.3.5 (inclusive). The vulnerability affects file uploads to the "public" directory. See the issues marked "Critical" at http://pkp.sfu.ca/wiki/index.php/OJS_2.3.5_Recommended_Patches for full details. We recommend that users running affected versions of OJS either patch their installations with the patches available at the link above or upgrade to the newest release as soon as possible. There have been reports of abuse of this vulnerability and we suggest that users check server logs to review access to the "public" directory, looking for requests to server-side executables such as PHP scripts within that directory.

OJS 2.3.6 also includes a number of minor bug fixes and modifications, also described at the above link.

PKP takes security very seriously and has established a solid track record, both for good coding practices and for rapid responses to the few issues that have arisen. The best way to stay informed about security issues is to subscribe to the recommended patches page for your release of OJS.

For full release notes, please see http://pkp.sfu.ca/ojs/RELEASE-2.3.6. OJS 2.3.6 can be downloaded at http://pkp.sfu.ca/ojs_download.
Posts: 10015
Joined: Wed Aug 10, 2005 12:56 pm

Return to OJS Editorial Support and Discussion

Who is online

Users browsing this forum: Bing [Bot] and 1 guest