From f6985d59d48f9816c2d520dd84fd8defb4988a88 Mon Sep 17 00:00:00 2001
From: Jason Stephenson <jason@sigio.com>
Date: Wed, 30 Jan 2013 16:56:12 -0500
Subject: [PATCH] Fix an omission in the log redaction configuration.

open-ils.actor.patron.password_reset.commit was omitted in the
<log_protect> block of opensrf_core.xml.example.  This commit adds
it and updates the release notes for 2.3 to include it.

There is also a release notes file informing users that they need to
edit opensrf_core.xml to address this issue.

Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Bill Erickson <berick@esilibrary.com>
---
 Open-ILS/examples/opensrf_core.xml.example               | 1 +
 docs/RELEASE_NOTES_2_3.txt                               | 1 +
 .../password_reset_commit_not_secure.txt                 | 9 +++++++++
 3 files changed, 11 insertions(+)
 create mode 100644 docs/RELEASE_NOTES_NEXT/password_reset_commit_not_secure.txt

diff --git a/Open-ILS/examples/opensrf_core.xml.example b/Open-ILS/examples/opensrf_core.xml.example
index 6e0d675f0d..d2ec8eb69d 100644
--- a/Open-ILS/examples/opensrf_core.xml.example
+++ b/Open-ILS/examples/opensrf_core.xml.example
@@ -180,6 +180,7 @@ Example OpenSRF bootstrap configuration file for Evergreen
       <match_string>open-ils.auth.authenticate.verify</match_string>
       <match_string>open-ils.auth.authenticate.complete</match_string>
       <match_string>open-ils.auth_proxy.login</match_string>
+      <match_string>open-ils.actor.patron.password_reset.commit</match_string>
       <match_string>open-ils.actor.user.password</match_string>
       <match_string>open-ils.actor.user.username</match_string>
       <match_string>open-ils.actor.user.email</match_string>
diff --git a/docs/RELEASE_NOTES_2_3.txt b/docs/RELEASE_NOTES_2_3.txt
index f6f2e5cfa4..df35c62a09 100644
--- a/docs/RELEASE_NOTES_2_3.txt
+++ b/docs/RELEASE_NOTES_2_3.txt
@@ -21,6 +21,7 @@ in general activity logs, add the following XML chunk to the bottom of
       <match_string>open-ils.auth.authenticate.verify</match_string>
       <match_string>open-ils.auth.authenticate.complete</match_string>
       <match_string>open-ils.auth_proxy.login</match_string>
+      <match_string>open-ils.actor.patron.password_reset.commit</match_string>
       <match_string>open-ils.actor.user.password</match_string>
       <match_string>open-ils.actor.user.username</match_string>
       <match_string>open-ils.actor.user.email</match_string>
diff --git a/docs/RELEASE_NOTES_NEXT/password_reset_commit_not_secure.txt b/docs/RELEASE_NOTES_NEXT/password_reset_commit_not_secure.txt
new file mode 100644
index 0000000000..092d203232
--- /dev/null
+++ b/docs/RELEASE_NOTES_NEXT/password_reset_commit_not_secure.txt
@@ -0,0 +1,9 @@
+The previous log protect redaction instructions missed a method used
+by the patron initiated password reset system.  In order to fill this
+gap, you need to find the <log_protect> portion of your
+opensrf_core.xml file and add the following line:
+
+      <match_string>open-ils.actor.patron.password_reset.commit</match_string>
+
+You should see a number of similar lines already there in between
+<log_protect> and </log_protect>.
-- 
2.43.2