Overview

Ex Libris considers security and privacy to be the highest of priorities, and continues to analyze the issues regarding the misuse of the SEND TO email function.
A solution for Cloud users was put in place in May 2017.

On Monday, June 5, 2017, Ex Libris will provide a solution for local, on-premise customers.  A more comprehensive solution will be available as part of the Primo August release.

A user could manually send mail to multiple recipients that could cause a load on the Primo mail server.

On May 18, Ex Libris implemented a solution for our Cloud services using multiple layers of security to protect the send mail function to multiple recipients.  

Current Status: Information for On-Premise Customers – Update June 1, 2017

Effective Security Severity Level:

Medium

Affected Systems:

Primo

Tests and Certifications:

The mitigation for this issue has been identified.

Actions Taken for Hosted Systems:

Ex Libris implemented a security solution on May 18, 2017

Required Actions for On-Premise Systems:

On-premise customers should follow the instructions published by Ex Libris on Friday, May 26, 2017.  We are looking into additional mitigations for our on-premise customers and will provide another update on Monday, June 5, 2017.  A more comprehensive solution will be available as part of the Primo August release