From 326113d6bcc084df2898cbf05b0ff254db44c153 Mon Sep 17 00:00:00 2001 From: Kathy Lussier Date: Wed, 19 Apr 2017 12:28:19 -0400 Subject: [PATCH] Docs: Release notes for 2.11.4 maintenance release Signed-off-by: Kathy Lussier Conflicts: docs/RELEASE_NOTES_2_11.adoc --- docs/RELEASE_NOTES_2_11.adoc | 171 +++++++++++++++++++++++++++++++++++ 1 file changed, 171 insertions(+) diff --git a/docs/RELEASE_NOTES_2_11.adoc b/docs/RELEASE_NOTES_2_11.adoc index e5a12835cb..28255fafba 100644 --- a/docs/RELEASE_NOTES_2_11.adoc +++ b/docs/RELEASE_NOTES_2_11.adoc 
@@ -3,6 +3,177 @@ Evergreen 2.11 Release Notes :toc: :numbered: +Evergreen 2.11.4 +---------------- + +This release contains several bug fixes improving on Evergreen 2.11.3. + +* A fix to avoid fetching and creating EDI message entries that the +system cannot parse. +* A fix to prevent staff users from marking a long overdue item as lost +so that the patron will not be billed twice for the same item. +* A fix to the link that is used on the catalog's Library Info page so +that links with anchors can be successfully retrieved. +* A replacement for the blank fallback image used when the catalog cannot +retrieve an added content book cover. +* An EDI fix that prevents EDI fetcher from crashing when the vendor +supplies a zero-length file. +* A fix to an issue where adjusting a bill to zero for a current checkout +prematurely closes the transaction. +* A fix to encoding problems in MODS output. These problems caused issues +when using Zotero with records in the catalog. +* A fix to Evergreen self-check to accept the user name value when a barcode +regex has been configured for the system. +* A fix to duplicate name checking in the patron registration screen so that +clicking the "Found x patron(s) with same name" link will retrieve potential +duplicate inactive patrons. +* A fix to the bower install step used when installing the web staff client. +* A fix that marks a hold as fulfilled when staff check out a hold- +captured item for a hold whose expire time is in the past. +* A change to the acquisitions funding source funds drop down menu so that +the menu will now only display active funds and will also display the +year alongside the fund. +* A fix to a problem where the Current Bills tab of the patron record +showed duplicate charges when a check in was done from the Items Out tab. +* A fix that hides the option to add to My Lists from the staff client since this functionality does not work as expected in the staff client. 
+* A change to the fund year selectors in acq interfaces so that the years +are sorted in descending order. +* A fix to a billing issue where transactions were not re-opened after +they acquired a non-zero balance at check in. +* A change to the default pickup library when staff place a hold. The place hold +screen will now default to the preferred pickup location for the patron. If the +patron does not have a preferred pickup location, it will default to the +patron's home library. +* The ability to skip the XUL staff client build when in make_release. +* A fix that silences a log warning that appears for every checkout where a hard +due date is not used. + +Acknowledgements +~~~~~~~~~~~~~~~~ +We would like to thank the following individuals who contributed code, +testing and documentation patches to the 2.10.11 point release of +Evergreen: + +* Jason Boyer +* Eva Cerniňáková +* Galen Charlton +* Jeff Davis +* Bill Erickson +* Jason Etheridge +* Debbie Luchenbill +* Kathy Lussier +* Christine Morgan +* Michele Morgan +* Terran McCanna +* Jane Sandberg +* Jonathan Schatz +* Dan Scott +* Ben Shum +* Jason Stephenson +* Remington Steed +* Josh Stompro +* Dan Wells +* Bob Wicksall + + +Evergreen 2.11.3 +---------------- +This is a security release that also contains several other bugfixes improving +on Evergreen 2.11.2. All users of Evergreen 2.11.x are recommended to upgrade +to 2.11.3 as soon as possible. + +Security Issue: Credit Processor Stripe Settings Permissions +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Unprivileged users can retrieve organizational unit setting values for +setting types lacking a "view" permission. When the feature adding +Stripe credit card processing was added, the upgrade script neglected +to add the VIEW_CREDIT_CARD_PROCESSING permission to the +organizational unit setting type. This means that anyone can retrieve +and view the settings for Stripe credit card processing. 
+ +Any system that upgraded from Evergreen version 2.5 to 2.6 is +affected. If you use Stripe for credit card processing, it is +strongly recommended that you apply this upgrade. Even if you do not +use Stripe, applying this upgrade is still recommended. If you did +not upgrade from version 2.5 to 2.6 of Evergreen, but started with a +later version, applying this upgrade is harmless. + +If you are not ready to perform a full upgrade, and if you use Stripe, +you can protect the settings by running the following two SQL statements: + +[source,sql] +---- +UPDATE config.org_unit_setting_type + SET view_perm = (SELECT id FROM permission.perm_list + WHERE code = 'VIEW_CREDIT_CARD_PROCESSING' LIMIT 1) + WHERE name LIKE 'credit.processor.stripe%' AND view_perm IS NULL; + +UPDATE config.org_unit_setting_type + SET update_perm = (SELECT id FROM permission.perm_list + WHERE code = 'ADMIN_CREDIT_CARD_PROCESSING' LIMIT 1) + WHERE name LIKE 'credit.processor.stripe%' AND update_perm IS NULL; +---- + +Missing Upgrade Script Notice +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +It was recently discovered that the 2.11.2 tarball was missing the +upgrade script for 2.11.1. If you upgraded straight to 2.11.2 from +2.11.0 or prior, please make sure to apply the +2.11.0-2.11.1-upgrade-db.sql before moving on to the 2.11.3 script. + +Other Fixes +~~~~~~~~~~~ +Evergreen 2.11.3 also contains the following bugfixes: + +* A fix to correctly apply floating group settings when performing +no-op checkins. +* An improvement to the speed of looking up patrons by their username; +this is particularly important for large databases. +* A fix to properly display the contents of temporary lists ('My List') in the +public catalog, as well as a fix of the HTML coding of that page. +* A fix to the Spanish translation of the public catalog that could +cause catalog searches to fail. 
+* A fix of a problem where certain kinds of requests of information +about the organizational unit hierarchy to consume all available +`open-ils.cstore` backends. +* A fix to allow staff to use the 'place another hold' link without +running into a user interface loop. +* A fix to the 'Edit Due Date' form in the web staff client. +* A fix to the definition of the stock 'Full Overlay' merge profile. +* A fix to sort billing types in alphabetical order in the web staff +client. +* A fix to the display of the popularity score in the public catalog. +* A fix to the 'return to grouped search results' link in the public +catalog. +* A fix to allow pre-cat checkouts in the web staff client without requiring +a circulation modifier. +* A fix to how Action/Trigger event definitions with nullable grouping +fields handle null values. +* Other typo and documentation fixes. + +Acknowledgements +~~~~~~~~~~~~~~~~ +We would like to thank the following individuals who contributed code, +testing and documentation patches to the 2.11.3 point release of +Evergreen: + +* Ben Shum +* Bill Erickson +* Blake Henderson +* Chris Sharp +* Christine Burns +* Dan Wells +* Galen Charlton +* Jane Sandberg +* Jason Boyer +* Jason Etheridge +* Jason Stephenson +* Jeanette Lundgren +* Josh Stompro +* Kathy Lussier +* Kyle Huckins +* Mike Rylander + Evergreen 2.11.2 ---------------- -- 2.43.2
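Review bot: The new 2.11.4 Acknowledgements paragraph thanks contributors "to the 2.10.11 point release of Evergreen", which does not match the "Evergreen 2.11.4" heading it sits under; it should read 2.11.4. In the 2.11.3 security section, the workaround SQL takes view_perm and update_perm from subqueries on permission.perm_list. If the VIEW_CREDIT_CARD_PROCESSING or ADMIN_CREDIT_CARD_PROCESSING row is absent, the subquery returns NULL and the UPDATE completes without error while leaving the Stripe settings readable. The notes should tell administrators to confirm afterwards that no row matching `name LIKE 'credit.processor.stripe%'` still has `view_perm IS NULL`. The same section states that any setting type lacking a "view" permission is retrievable by unprivileged users, so one sentence advising sites to review other sensitive setting types with a NULL view_perm would fit here. Smaller points: the "Other Fixes" bullet "A fix of a problem where certain kinds of requests ... to consume all available `open-ils.cstore` backends" is missing a verb (for example "could consume"), the 2.11.4 "My Lists" bullet is not wrapped like its neighbours, and the commit message still carries a leftover "Conflicts:" trailer.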