Koha 3.22.7 security release published

26 May 2016

The Koha community is pleased to announce the release of 3.22.7.

This release includes 1 security fix, 71 bug fixes and 1 enhancement.

Security bugs fixed

  • [16476] CGI->param('foo') in list context allows XSS (e.g. JavaScript injection) in Koha

Critical bugs fixed

Architecture, internals, and plumbing

  • [16505] rebuild_zebra.pl skips updates if -x is passed
  • [16539] Koha::Cache is incorrectly caching single holidays

Cataloging

  • [16373] merge.pl reports success but files are not merged

Circulation

  • [16356] [3.22] Error 500 when returning an item which itemtype is not defined in ItemTypes

Installation and upgrade (web-based installer)

  • [13669] Web installer fails to load sample data on MySQL 5.6+
  • [16402] DB structure cannot be loaded in MySQL 5.7

Lists

  • [16517] A server error is raised when creating a new list with an existing name

Notices

  • [12752] OVERDUE notice mis-labeled as “Hold Available for Pickup”

Staff Client

  • [15816] Timeout login redirects to home page

Templates

  • [14632] Incorrect alert while deleting single item in batch

Test Suite

  • [16561] Regression caused by 15877 – t/db_dependent/Barcodes.t deletes all items from a DB

Tools

  • [16426] Import borrowers tool warns for blank and/or existing userids

Other bugs fixed

Acquisitions

  • [11203] Datatables in acquisitions do not ignore "stopwords" in titles
  • [13041] Can’t add user as manager of basket if name includes a single quote
  • [16154] Replace CGI->param with CGI->multi_param in list context
  • [16253] Acq: Change “Delete order” to “Cancel order line” on basket summary and receive page
  • [16321] ‘Show all details’ checkbox triggers JS error after jQuery upgrade
  • [16325] Suggestions: Tab “Status unknown” contains all suggestions
  • [16384] When canceling ‘edit basket’, return to basket summary if you came from there

Architecture, internals, and plumbing

  • [15086] Creators layout and template sql has warnings
  • [15877] C4::Barcodes does not correctly calculate db_max for ‘annual’ barcodes
  • [15878] C4::Barcodes::hbyymmincr incorrectly calculates max and should warn when no branchcode present
  • [16104] Warnings “used only once: possible typo” should be removed
  • [16105] Cache::Memory is loaded even if memcache is used
  • [16259] More: Replace CGI->param with CGI->multi_param in list context
  • [16429] Going to circulation from notice triggers may change logged in branch
  • [16452] PatronLists.t raises a warning
  • [16499] circulation.pl logs warnings about Use of uninitialized value
  • [16550] Can’t set opac news expiration date to NULL, it reverts to today

Cataloging

  • [15682] Merging records from cataloguing search only allows merging 2 records

Circulation

  • [15919] Batch checkout should show due date in list of checked-out items

Database

  • [16170] Pseudo foreign key in Items

I18N/L10N

  • [16322] Translatability: “Unknown” in suggestion/suggestion.pl not translatable

Lists

  • [16484] Virtualshelves: Using no XSLTResultsDisplay breaks content display in intranet (titles not showing in lists)

MARC Authority data support

  • [14050] Default framework for authorities should not be deletable

Notices

  • [1859] Notice fields: can’t select multiple fields at once
  • [16217] Notices' names may have diverged

OPAC

  • [16220] The view tabs on opac-detail.pl are not responsive
  • [16233] Unclosed strong tag in the opac-facets.inc breaks some display
  • [16315] OPAC Shelfbrowser doesn’t display the full title
  • [16340] JS variable in opac-bottom.inc is declared two times
  • [16478] Translation breaks display of Checkout history in tab Checkouts / On-site-checkouts
  • [16516] showListsUpdate JS function is not defined at the OPAC

Patrons

  • [9393] Add note to circulation.pl if borrower has pending modifications
  • [12721] Prevent software error if incorrect fieldnames given in syspref StatisticsFields
  • [15823] Can still access patron discharge slip without having the syspref on – Permissions breach
  • [16447] “Borrow Permission” should not be used anymore

Reports

  • [16481] Report menu has unexpected issues

SIP2

  • [13871] OverDrive message when user authentication fails

Searching

  • [16041] StaffAuthorisedValueImages & AuthorisedValueImages preferences – impact on search performance
  • [16398] Keep expanded view after clearing the search form

Self checkout

  • [12663] SCOUserCSS and SCOUserJS ignored on selfcheck login page

Serials

  • [13877] Seasonal predictions showing wrong in test

Staff Client

  • [9387] Feedback message for FAILED checkout items is not obvious for the visually impaired
  • [16218] printfeercpt.tt (and others) does not include jQuery
  • [16270] Typo authentification vs authentication in 404

System Administration

  • [15009] Planning dropdown button in aqbudget can have empty line

Templates

  • [15194] Drop-down menu ‘Actions’ has problem in ‘Saved reports’ page with language bottom bar
  • [16159] Guarantor section missing ID on patron add form
  • [16230] Show tooltip with menu item when fund cannot be deleted
  • [16369] Clean up and improve plugins template
  • [16381] Fix capitalization on tags review page
  • [16415] Layout problem on staff client detail page if local cover images are enabled
  • [16439] Allow styling to button for upload local cover images (Font Awesome Icons)
  • [16480] Unclosed tag span in shelves on intranet

Test Suite

  • [14144] Silence warnings t/db_dependent/Auth_with_ldap.t
  • [14362] PEGI 15 Circulation/AgeRestrictionMarkers test fails
  • [16390] Accounts.t does not need MPL
  • [16407] Fix Koha_borrower_modifications.t
  • [16501] Remove some unneeded warns in Upload.t

Enhancements

Lists

  • [15403] Confirm messages in intranet lists interface strangely worded