From 78f7aa74cf8c2c5362cfafc2267c4968e7e78d03 Mon Sep 17 00:00:00 2001
From: Lucas Gass <lucas@bywatersolutions.com>
Date: Thu, 29 Feb 2024 16:06:56 +0000
Subject: [PATCH] Fix release notes for 23.05.09 part 2

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
---
 misc/release_notes/release_notes_23_05_09.html | 13 ++++++++++++-
 misc/release_notes/release_notes_23_05_09.md   | 10 +++++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/misc/release_notes/release_notes_23_05_09.html b/misc/release_notes/release_notes_23_05_09.html
index 05a4e5e7b2..b45b190e90 100644
--- a/misc/release_notes/release_notes_23_05_09.html
+++ b/misc/release_notes/release_notes_23_05_09.html
@@ -26,12 +26,23 @@ website for the Koha project is:</p>
 
 <p>Koha 23.05.09 is a bugfix/maintenance release.</p>
 
-<p>It includes 2 enhancements, 40 bugfixes.</p>
+<p>It includes 6 security fixes, 2 enhancements, and 40 bugfixes.</p>
 
 <p><strong>System requirements</strong></p>
 
 <p>You can learn about the system components (like OS and database) needed for running Koha on the <a href="https://wiki.koha-community.org/wiki/System_requirements_and_recommendations">community wiki</a>.</p>
 
+<h4 id="securitybugs">Security bugs</h4>
+
+<ul>
+<li><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29510">29510</a> objects.find should call search_limited if present</li>
+<li><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34623">34623</a> Update jQuery-validate plugin to 1.20.0</li>
+<li><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35890">35890</a> AutoLocation system preference + setting the library IP field - can still login and unexpected results</li>
+<li><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35918">35918</a> Incorrect library used when AutoLocation configured using the same IP</li>
+<li><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35942">35942</a> OPAC user can enroll several times to the same club</li>
+<li><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36072">36072</a> Can request articles even if ArticleRequests is off</li>
+</ul>
+
 <h2 id="bugfixes">Bugfixes</h2>
 
 <h3 id="about">About</h3>
diff --git a/misc/release_notes/release_notes_23_05_09.md b/misc/release_notes/release_notes_23_05_09.md
index 6814e0c9f1..19be8aba8e 100644
--- a/misc/release_notes/release_notes_23_05_09.md
+++ b/misc/release_notes/release_notes_23_05_09.md
@@ -19,12 +19,20 @@ Installation instructions can be found at:
 
 Koha 23.05.09 is a bugfix/maintenance release.
 
-It includes 2 enhancements, 40 bugfixes.
+It includes 6 security fixes, 2 enhancements, and 40 bugfixes.
 
 **System requirements**
 
 You can learn about the system components (like OS and database) needed for running Koha on the [community wiki](https://wiki.koha-community.org/wiki/System_requirements_and_recommendations).
 
+#### Security bugs
+
+- [29510](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29510) objects.find should call search_limited if present
+- [34623](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34623) Update jQuery-validate plugin to 1.20.0
+- [35890](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35890) AutoLocation system preference + setting the library IP field - can still login and unexpected results
+- [35918](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35918) Incorrect library used when AutoLocation configured using the same IP
+- [35942](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35942) OPAC user can enroll several times to the same club
+- [36072](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36072) Can request articles even if ArticleRequests is off
 
 ## Bugfixes
 
-- 
2.39.5