- OR in the INSTALL files that come in the tarball
Koha 22.05.15 is a bugfix/maintenance release.
Koha 22.05.16 is a bugfix/maintenance release.
It includes 5 bugfixes.
It includes 3 enhancements, 12 bugfixes, and 3 security fixes.
**System requirements**
You can learn about the system components (like OS and database) needed for running Koha on the [community wiki](https://wiki.koha-community.org/wiki/System_requirements_and_recommendations).
#### Security bugs
- [22990](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22990) Add CSRF protection to boraccount, pay, suggestions and virtualshelves on staff
- [30524](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30524) Add base framework for dealing with CSRF in Koha
- [34023](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34023) HTML injection in "back to results" link from search page
- [34368](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34368) Add CSRF protection to Content Management pages
- [34349](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34349) Validate inputs for task scheduler
- [34369](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34369) Add CSRF protection to system preferences
- [34513](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34513) Authenticated users can bypass permissions and view some privileged pages
## Bugfixes
### Command-line Utilities
### Acquisitions
#### Other bugs fixed
- [33939](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33939) JavaScript needs to distinguish between order budgets and default budgets when adding to staged file form a basket
### Architecture, internals, and plumbing
#### Other bugs fixed
- [34243](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34243) Too many cities are created (at least in comments)
- [34303](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34303) t/00-testcritic.t should only test files part of git repo
- [34316](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34316) account->add_credit does not rethrow exception
### Cataloging
#### Other bugs fixed
- [34097](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34097) Using the three ellipses to set the date accessioned for an item repositions the screen to the top
- [34182](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34182) AddBiblio shouldn't set biblio.serial based on biblio.seriestitle
### Circulation
#### Critical bugs fixed
- [34279](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34279) overduefinescap of 0 is ignored, but overduefinescap of 0.00 is enforced
- [34601](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34601) Cannot manage suggestions without CSRF error
#### Other bugs fixed
- [33717](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33717) Typo in search_for_data_inconsistencies.pl
- [33992](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33992) Only consider the date when labelling a waiting recall as problematic
**Sponsored by** *Auckland University of Technology*
### Patrons
#### Other bugs fixed
- [33132](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33132) Searching by DOB still broken in 22.05.x
### Templates
#### Other bugs fixed
- [34184](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34184) "Document type" in suggestions form should have an empty entry