Due to the recently announced XML parameter parsing security vulnerability in Rails, we are forced to release a new version of leihs that works around this problem.

We urge all users to upgrade to leihs 2.9.8 to fix the issue. Tarballs are available at SourceForge, the source code is at GitHub.

The upgrade procedure is the same as usual and is described in the leihs admin guide.