Policy Previous Versions
- Security Advisory– Google Chrome Browser version 80 Updates and Ex Libris products and services
- On February 4, 2020 Google will roll out a new version of Google Chrome (80) that will implement a secure-by-default model for cookies using the SameSite attribute, enabled by a new cookie classification system. As of February 2020, only cookies with the SameSite set to "None" and tagged as Secure will be able to send cross-sites and will require encrypted HTTPS connection access.
- Security Update - A potential misuse of the "Send To Email" functionality
- Ex Libris was notified of an issue regarding the potential to misuse the multiple recipient mail functionality in Primo. A potential misuse of the "Send To Email" functionality can result in multiple e-mails being sent from Primo to a long list of recipients.
- Security Update - Ex Libris Patron Directory Services (PDS) Security Vulnerability
- A Critical ranked vulnerability has been discovered in Ex Libris PDS component. PDS is used to integrated Ex Libris products with the institutional identity management systems (LDAP, Shibboleth, etc.). The vulnerability, if exploit by an attacker, may compromise the security level of PDS.
- Security Update - “Shellshock” - Security Vulnerability Update
- Ex Libris has been made aware of a recently discovered serious vulnerability that called “Shellshock” All Unix/Linux systems that use the Bash shell (a popular command-line shell) are vulnerable to the 'shellshock' exploit. This vulnerability allows remote attackers to remotely issue commands, start/stop processes or install code.