Dear All,
Today we are releasing OMERO 5.4.7, a bug-fix release which also introduces some new functionality. It includes security fixes for 2018-SV1 POST password [1], 2018-SV2 Script Name UUID [2] and 2018-SV3 Modify User Password [3]. It is highly recommended that you upgrade. Impacts of the security vulnerability fixes include: * omero.security.password_required=false no longer applies for administrators: their correct password is always required * administrators can no longer change the password of other administrators who are more privileged in any way * administrators can no longer reset their password and receive the new one by e-mail: they must instead have another administrator who is at least as privileged set a new password manually * cli: the session UUID has been removed from the standard output when logging in but can still be retrieved using `bin/omero sessions key` Improvements include: * web: fix loss of privileges when editing full admins * web: fix exceptions on invalid connections * web: fix CSS in group/user search element * web: fix error when public user is disabled * web: gray out user role when editing root user * insight: permit open_with on original files * read-only: reduce error logging for scripts and pixel data * scripts: improve error messages for invalid MATLAB * as well as various documentation improvements Sysadmin improvements include: * log locale and time zone information on startup Developer updates include: * cli: clean up "communicator not destroyed" logging * cli: don't hang when incorrect password passed in a script * java: add a map annotation example * java: throw a clear exception when -1 is used for all groups * web: fix @render_response when extending base templates * matlab: contributions from Kouichi Nakamura for working with annotations This release also upgrades the version of Bio-Formats which OMERO uses to 5.9.0. **Note:** this is a significant upgrade and will invalidate the Bio-Formats Memoizer cache. Please see the upgrade guide for further information. OME policy is that security releases should not invalidate the Bio-Formats Memoizer cache. However, our previous OMERO 5.4.6 release accidentally included a Bio-Formats merge artifact that did not receive the quality assurance we require of release versions. We have now updated the version of Bio-Formats included in OMERO 5.4.7 and this will cause a refresh of the Memoizer cache. We apologize for this unfortunate mistake and for the extra work required by our users. We have adjusted the internal processes that caused it. Upgrade information is on the server upgrade page - https://docs.openmicroscopy.org/omero/5.4.7/sysadmins/server-upgrade.html. The software is also available at https://downloads.openmicroscopy.org/omero/5.4.7. Any problems or comments, please use the OME Forums or mailing lists - https://www.openmicroscopy.org/support/ Regards, The OME Team [1] https://www.openmicroscopy.org/security/advisories/2018-SV1-post-password/ [2] https://www.openmicroscopy.org/security/advisories/2018-SV2-script-name-uuid/ [3] https://www.openmicroscopy.org/security/advisories/2018-SV3-modify-user-password/ The University of Dundee is a registered Scottish Charity, No: SC015096 -- ImageJ mailing list: http://imagej.nih.gov/ij/list.html |
Free forum by Nabble | Edit this page |