From c4d16bba029e3065a763d093cf8614bea5d849ed Mon Sep 17 00:00:00 2001 From: Liz Rea Date: Tue, 23 Jun 2015 21:13:13 +1200 Subject: [PATCH] Minor release note update --- misc/release_notes/release_notes_3_18_8.txt | 36 ++++++++++++++------- 1 file changed, 25 insertions(+), 11 deletions(-) diff --git a/misc/release_notes/release_notes_3_18_8.txt b/misc/release_notes/release_notes_3_18_8.txt index 66dad26640..6f4ac047fe 100644 --- a/misc/release_notes/release_notes_3_18_8.txt +++ b/misc/release_notes/release_notes_3_18_8.txt @@ -21,7 +21,7 @@ Installation instructions can be found at: Koha 3.18.8 is a bugfix/maintenance release. - +This release contains critical security fixes, all users of this version are highly recommended to upgrade as soon as is reasonable. Critical bugs fixed in 3.18.8 @@ -32,10 +32,22 @@ Circulation ---------- 12066 major New renew page in staff client doesn't record branch in statistics +OPAC +---------- + 14412 critical SQL Injection in OPAC Interface + 14360 major XSS Injection point + 14418 major XSS Flaws in OPAC Interface + Packaging ---------- 14106 major Koha-conf paths to zebra libraries are wrong in jessie +Staff Client +---------- + 14408 critical Path traversal vulnerabilty + 14426 critical SQL Injection in Staff Client + 14423 major Multiple XSS and XSRF issues in Staff Client + Tools ---------- 10625 major Inventory/Stocktaking tool cannot handle windows file uploads @@ -119,13 +131,12 @@ translate.koha-community.org 14285 trivial Bengali locale needs to be re-defined - System requirements ====================== Important notes: - - * With this release, Koha 3.18 is now compatible with Debian Jessie. + + * This release makes Koha 3.18 compatible with Debian Jessie * Perl 5.10 is required * Zebra is required @@ -196,6 +207,9 @@ The release team for Koha 3.18.8 is Zeno Tajoli Packaging Manager: Robin Sheat + Release Maintainer (3.16.x): Galen Charlton + Release Maintainer (3.14.x): Fridolin Somers + Release Maintainer (3.12.x): Kyle Hall Credits ====================== @@ -217,10 +231,10 @@ We thank the following individuals who contributed patches to Koha 3.18.8. * Jonathan Druart (7) * Magnus Enger (1) * Katrin Fischer (3) - * Bernardo González Kriegel (4) + * Bernardo González Kriegel (5) * Kyle M Hall (3) * Dobrica Pavlinusic (1) - * Liz Rea (4) + * Liz Rea (8) * Robin Sheat (2) * Zeno Tajoli (1) * Mark Tompsett (3) @@ -241,11 +255,11 @@ patches to Koha 3.18.8 * Prosentient Systems (2) * Rijksmuseum (4) * Theke Solutions (1) - * Universidad Nacional de Córdoba (4) + * Universidad Nacional de Córdoba (5) * koha-community.org (4) * psi.unc.edu.ar (1) * rot13.org (1) - * unidentified (16) + * unidentified (20) * veron.ch (2) We also especially thank the following individuals who tested patches @@ -257,7 +271,7 @@ for Koha 3.18.8. * Gaetan Boisson (1) * Jonathan Druart (30) * Katrin Fischer (28) - * Liz Rea (52) + * Liz Rea (54) * Marc Veron (1) * Marc Véron (8) * Mark Tompsett (5) @@ -281,7 +295,7 @@ version of Koha can be retrieved by checking out the master branch of git://git.koha-community.org/koha.git -The branch for this version of Koha and future bugfixes in this release line is security-3.18.x. +The branch for this version of Koha and future bugfixes in this release line is rmaint-3.18.x. The last Koha release was 3.14.10, which was released on September 4, 2014. @@ -298,4 +312,4 @@ tracker at He rau ringa e oti ai. (Many hands finish the work) -##### Autogenerated release notes updated last on 23 Jun 2015 01:20:06 Z ##### +##### Autogenerated release notes updated last on 23 Jun 2015 09:09:54 Z ##### -- 2.39.5