From b298bc47bf8b09db5c0f2a748b8d1c03e873441b Mon Sep 17 00:00:00 2001
From: Galen Charlton <gmc@equinoxinitiative.org>
Date: Wed, 24 May 2017 12:33:45 -0400
Subject: [PATCH] release notes for 2.10.12

Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
---
 docs/RELEASE_NOTES_2_10.adoc | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/docs/RELEASE_NOTES_2_10.adoc b/docs/RELEASE_NOTES_2_10.adoc
index c49bcd982f..09749f9290 100644
--- a/docs/RELEASE_NOTES_2_10.adoc
+++ b/docs/RELEASE_NOTES_2_10.adoc
@@ -3,6 +3,32 @@ Evergreen 2.10 Release Notes
 :toc:
 :numbered:
 
+Evergreen 2.10.12
+-----------------
+This release is a security release.
+
+Security Issue: XSS Vulnerability in Public Catalog
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+This release fixes several cross-site scripting (XSS) vulnerabilities
+in the public catalog. When upgrading, Evergreen administrators should
+review whether any of the following templates have been customized
+or overridden. If so, either the template should be replaced with the
+stock version or the XSS fix (which entails adding the `| html` filter
+in several places) applied to the customized version.
+
+* `Open-ILS/src/templates/opac/parts/locale_picker.tt2`
+* `Open-ILS/src/templates/opac/parts/login/form.tt2`
+* `Open-ILS/src/templates/opac/parts/searchbar.tt2`
+
+Acknowledgements
+~~~~~~~~~~~~~~~~
+We would like to thank the following individuals who contributed code,
+testing and documentation patches to the 2.10.12 point release of
+Evergreen:
+
+* Galen Charlton
+* Dan Scott
+
 Evergreen 2.10.11
 -----------------
 
-- 
2.43.2