From b06a26fa83f6af37ee098ac0101deff786beca6e Mon Sep 17 00:00:00 2001
From: Katrin Fischer
Date: Wed, 23 Aug 2017 21:12:45 +0200
Subject: [PATCH] Update release notes with security bugs
---
.../release_notes/release_notes_16_11_11.html | 27 ++++++++++++++++---
misc/release_notes/release_notes_16_11_11.md | 27 +++++++++++++++----
2 files changed, 46 insertions(+), 8 deletions(-)
diff --git a/misc/release_notes/release_notes_16_11_11.html b/misc/release_notes/release_notes_16_11_11.html
index fcfe34c713..5816ac8471 100644
--- a/misc/release_notes/release_notes_16_11_11.html
+++ b/misc/release_notes/release_notes_16_11_11.html
@@ -24,9 +24,30 @@ website for the Koha project is:
OR in the INSTALL files that come in the tarball
-Koha 16.11.11 is a bugfix/maintenance release.
-
-It includes 3 enhancements, 16 bugfixes.
+Koha 16.11.11 is a security release.
+
+It includes 3 enhancements, 32 bugfixes.
+
+Security bugs fixed
+
+
+- [19035] Stored XSS in patron lists - lists.pl
+- [19114] Stored XSS in parcels.pl
+- [19112] Stored XSS in basketheader.pl page
+- [19110] XSS Stored in branches.pl
+- [19100] XSS Flaws in memberentry.pl
+- [19105] XSS Stored in holidays.pl
+- [16069] XSS issue in basket.pl
+- [19079] XSS Flaws in Membership page
+- [19033] XSS Flaws in Currencies and exchange page
+- [19034] XSS Flaws in- Cities - Z39.50/SRU servers administration - Patron categories pages
+- [19050] XSS Flaws in Quick spine label creator
+- [19051] XSS Flaws in - Batch record deletion page - Batch item deletion page - Batch item modification page
+- [19052] XSS Flaws in - vendor search page - Invoice search page
+- [19054] XSS Flaws in Report - Top Most-circulated items
+- [19078] XSS Flaws in System preferences
+- [18726] OPAC XSS - biblionumber
+
Enhancements
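Review bot: The entries for 19034, 19051 and 19052 run several page names together with stray hyphens ("XSS Flaws in- Cities - Z39.50/SRU servers administration - Patron categories pages"), so a reader cannot tell where one affected page ends and the next begins; separate the pages with commas or nest them as sub-items. The titles also switch between "Stored XSS in" and "XSS Stored in" (19110, 19105); use one form throughout. The summary line goes from 16 to 32 bugfixes, which matches the 16 entries added here, but it does not say how many of the 32 are security fixes; stating that number on the summary line would make the scope of the security release clear at a glance.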
diff --git a/misc/release_notes/release_notes_16_11_11.md b/misc/release_notes/release_notes_16_11_11.md
index 71d5c4a9d5..4313f6f364 100644
--- a/misc/release_notes/release_notes_16_11_11.md
+++ b/misc/release_notes/release_notes_16_11_11.md
@@ -17,11 +17,28 @@ Installation instructions can be found at:
- [Koha Wiki](http://wiki.koha-community.org/wiki/Installation_Documentation)
- OR in the INSTALL files that come in the tarball
-Koha 16.11.11 is a bugfix/maintenance release.
-
-It includes 3 enhancements, 16 bugfixes.
-
-
+Koha 16.11.11 is a security release.
+
+It includes 3 enhancements, 32 bugfixes.
+
+## Security bugs fixed
+
+- [[19035]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19035) Stored XSS in patron lists - lists.pl
+- [[19114]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19114) Stored XSS in parcels.pl
+- [[19112]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19112) Stored XSS in basketheader.pl page
+- [[19110]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19110) XSS Stored in branches.pl
+- [[19100]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19100) XSS Flaws in memberentry.pl
+- [[19105]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19105) XSS Stored in holidays.pl
+- [[16069]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16069) XSS issue in basket.pl
+- [[19079]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19079) XSS Flaws in Membership page
+- [[19033]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19033) XSS Flaws in Currencies and exchange page
+- [[19034]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19034) XSS Flaws in- Cities - Z39.50/SRU servers administration - Patron categories pages
+- [[19050]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19050) XSS Flaws in Quick spine label creator
+- [[19051]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19051) XSS Flaws in - Batch record deletion page - Batch item deletion page - Batch item modification page
+- [[19052]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19052) XSS Flaws in - vendor search page - Invoice search page
+- [[19054]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19054) XSS Flaws in Report - Top Most-circulated items
+- [[19078]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19078) XSS Flaws in System preferences
+- [[18726]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18726) OPAC XSS - biblionumber
## Enhancements
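Review bot: Every link added in this list uses the plain http:// scheme for bugs.koha-community.org; in the security section of a release note, prefer https:// if the tracker serves it, so readers following a link to a security bug are not sent over an unauthenticated connection. Only the 18726 entry names the interface affected ("OPAC XSS - biblionumber"); adding the same detail to the other entries, and distinguishing stored from unspecified "XSS Flaws", would help administrators judge how urgently to upgrade.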
--
2.39.5