Thursday, May 26, 2016

Koha 3.22.7 security release

Koha 3.22.7 security release

The Koha community is proud to announce the release of Koha 3.22.7
Koha 3.22.7 is a security release.
It includes 1 security fix, 71 bugfixes and 1 enhancement.
Security bugs fixed
[16476] CGI->param(‘foo’) in list context allows XSS (e.g. Javascript injection) in Koha
Critical bugs fixed
Architecture, internals, and plumbing
[16505] skips updates if -x is passed
[16539] Koha::Cache is incorrectly caching single holidays
[16373] reports success but files are not merged
[16356] [3.22] Error 500 when returning an item which itemtype is not defined in ItemTypes
Installation and upgrade (web-based installer)
[13669] Web installer fails to load sample data on MySQL 5.6+
[16402] DB structure cannot be loaded in MySQL 5.7
[16517] A server error is raised when creating a new list with an existing name
[12752] OVERDUE notice mis-labeled as “Hold Available for Pickup”
Staff Client
[15816] Timeout login redirects to home page
[14632] Incorrect alert while deleting single item in batch
Test Suite
[16561] Regression caused by 15877 – t/db_dependent/Barcodes.t deletes all items from a DB
[16426] Import borrowers tool warns for blank and/or existing userids
Other bugs fixed
[11203] Datatables in acqusitions do not ignore “stopwords” in titles
[13041] Can’t add user as manager of basket if name includes a single quote
[16154] Replace CGI->param with CGI->multi_param in list context
[16253] Acq: Change “Delete order” to “Cancel order line” on basket summary and receive page
[16321] ‘Show all details’ checkbox triggers JS error after jQuery upgrade
[16325] Suggestions: Tab “Status unknown” contains all suggestions
[16384] When canceling ‘edit basket’, return to basket summary if you came from there
Architecture, internals, and plumbing
[15086] Creators layout and template sql has warnings
[15877] C4::Barcodes does not correctly calculate db_max for ‘annual’ barcodes
[15878] C4::Barcodes::hbyymmincr inccorectly calculates max and should warn when no branchcode present
[16104] Warnings “used only once: possible typo” should be removed
[16105] Cache::Memory is loaded even if memcache is used
[16259] More: Replace CGI->param with CGI->multi_param in list context
[16429] Going to circulation from notice triggers may change logged in branch
[16452] PatronLists.t raises a warning
[16499] logs warnings about Use of uninitialized value
[16550] Can’t set opac news expiration date to NULL, it reverts to today
[15682] Merging records from cataloguing search only allows to merge 2 records
[15919] Batch checkout should show due date in list of checked-out items
[16170] Pseudo foreign key in Items
[16322] Translatability: “Unknown” in suggestion/ not translatable
[16484] Virtualshelves: Using no XSLTResultsDisplay breaks content display in intranet (titles not showing in lists)
MARC Authority data support
[14050] Default framework for authorities should not be deletable
[1859] Notice fields: can’t select multiple fields at once
[16217] Notice’ names may have diverged
[16220] The view tabs on are not responsive
[16233] Unclosed strong tag in the breaks some display
[16315] OPAC Shelfbrowser doesn’t display the full title
[16340] JS variable in is declared two times
[16478] Translation breaks display of Checkout history in tab Checkouts / On-site-checkouts
[16516] showListsUpdate JS function is not defined at the OPAC
[9393] Add note to if borrower has pending modifications
[12721] Prevent software error if incorrect fieldnames given in sypref StatisticsFields
[15823] Can still access patron discharge slip without having the syspref on – Permissions breach
[16447] “Borrow Permission” should not be used anymore
[16481] Report menu has unexpected issues
[13871] OverDrive message when user authentication fails
[16041] StaffAuthorisedValueImages & AuthorisedValueImages preferences – impact on search performance
[16398] Keep expanded view after clearing the search form
Self checkout
[12663] SCOUserCSS and SCOUserJS ignored on selfcheck login page
[13877] seasonal predictions showing wrong in test
Staff Client
[9387] Feedback message for FAILED check out items are not obvious for visually impaired
[16218] (and others) does not include jQuery
[16270] Typo authentification vs authentication in 404
System Administration
[15009] Planning dropdown button in aqbudget can have empty line
[15194] Drop-down menu ‘Actions’ has problem in ‘Saved reports’ page with language bottom bar
[16159] guarantor section missing ID on patron add form
[16230] Show tooltip with menu item when fund cannot be deleted
[16369] Clean up and improve plugins template
[16381] Fix capitalization on tags review page
[16415] Layout problem on staff client detail page if local cover images are enabled
[16439] Allow styling to button for upload local cover images (Font Awesome Icons)
[16480] Unclosed tag span in shelves on intranet
Test Suite
[14144] Silence warnings t/db_dependent/Auth_with_ldap.t
[14362] PEGI 15 Circulation/AgeRestrictionMarkers test fails
[16390] Accounts.t does not need MPL
[16407] Fix Koha_borrower_modifications.t
[16501] Remove some unneeded warns in Upload.t
[15403] Confirm messages in intranet lists interface strangely worded

Official Source [click]

No comments:

Post a Comment