From c57d349e46859a52be87b325b02d3e9db9871ecf Mon Sep 17 00:00:00 2001
From: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Date: Thu, 2 May 2019 13:49:07 +0100
Subject: [PATCH] Update release notes with security bugs

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
---
 .../release_notes/release_notes_18_05_12.html | 35 ++++++++++++-------
 misc/release_notes/release_notes_18_05_12.md  | 32 ++++++++++-------
 2 files changed, 43 insertions(+), 24 deletions(-)

diff --git a/misc/release_notes/release_notes_18_05_12.html b/misc/release_notes/release_notes_18_05_12.html
index 2d1200e552..475aa41635 100644
--- a/misc/release_notes/release_notes_18_05_12.html
+++ b/misc/release_notes/release_notes_18_05_12.html
@@ -24,9 +24,20 @@ website for the Koha project is:</p>
 <li>OR in the INSTALL files that come in the tarball</li>
 </ul>
 
-<p>Koha 18.05.12 is a bugfix/maintenance release.</p>
+<p>Koha 18.05.12 is a bugfix/maintenance release with security fixes.</p>
 
-<p>It includes 1 enhancements, 31 bugfixes.</p>
+<p>It includes 4 security fixes, 1 enhancements, 31 bugfixes.</p>
+
+<h2 id="securitybugs">Security bugs</h2>
+
+<h3 id="koha">Koha</h3>
+
+<ul>
+<li><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22068">[22068]</a> Canceling article request should verify the request belongs to the borrower</li>
+<li><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22478">[22478]</a> Cross-site scripting vulnerability in paginations</li>
+<li><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22542">[22542]</a> Back browser should not allow to see other patrons details (see bug 5371)</li>
+<li><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22692">[22692]</a> Logging in via cardnumber circumvents account logout</li>
+</ul>
 
 <h2 id="enhancements">Enhancements</h2>
 
@@ -316,7 +327,7 @@ list to volunteer:</p>
 <li><a href="mailto:indradg@l2c2.co.in">Indranil Das Gupta</a></li>
 </ul></li>
 <li>Packaging Manager: <a href="mailto:mirko@abunchofthings.net">Mirko Tietgen</a></li>
-<li>Documentation Manager: Caroline Cyr La Rose</li>
+<li>Documentation Manager: Caroline Cyr-La-Rose</li>
 <li><p>Documentation Team:</p>
 
 <ul>
@@ -327,12 +338,12 @@ list to volunteer:</p>
 
 <ul>
 <li><a href="mailto:indradg@l2c2.co.in">Indranil Das Gupta</a></li>
-<li><a href="mailto:bgkriegel@gmail.com">Bernardo Gonzalez Kriegel</a></li>
+<li><a href="mailto:bgkriegel@gmail.com">Bernardo González Kriegel</a></li>
 </ul></li>
 <li><p>Wiki curators: </p>
 
 <ul>
-<li>Caroline Cyr La Rose</li>
+<li>Caroline Cyr-La-Rose</li>
 </ul></li>
 <li>Release Maintainers:
 <ul>
@@ -367,7 +378,7 @@ new features in Koha 18.05.12:</p>
 <li>Nick Clemens (3)</li>
 <li>Jonathan Druart (4)</li>
 <li>Katrin Fischer (6)</li>
-<li>Lucas Gass (5)</li>
+<li>Lucas Gass (6)</li>
 <li>Owen Leonard (8)</li>
 <li>Ere Maijala (1)</li>
 <li>Hayley Mapley (5)</li>
@@ -389,7 +400,7 @@ patches to Koha 18.05.12</p>
 <li>ACPL (8)</li>
 <li>BibLibre (7)</li>
 <li>BSZ BW (6)</li>
-<li>ByWater-Solutions (8)</li>
+<li>ByWater-Solutions (9)</li>
 <li>Catalyst (5)</li>
 <li>Coeur D'Alene Public Library (4)</li>
 <li>Independant Individuals (3)</li>
@@ -412,13 +423,11 @@ for Koha.</p>
 <li>Nick Clemens (45)</li>
 <li>Chris Cormack (4)</li>
 <li>Michal Denar (3)</li>
-<li>Devinim (1)</li>
 <li>Jonathan Druart (3)</li>
 <li>Katrin Fischer (21)</li>
-<li>Lucas Gass (50)</li>
+<li>Lucas Gass (60)</li>
 <li>Kyle Hall (4)</li>
 <li>Owen Leonard (1)</li>
-<li>Lisette (3)</li>
 <li>Ere Maijala (1)</li>
 <li>Hayley Mapley (2)</li>
 <li>Jose-Mario Monteiro-Santos (2)</li>
@@ -428,9 +437,11 @@ for Koha.</p>
 <li>Martin Renvoize (67)</li>
 <li>David Roberts (1)</li>
 <li>Marcel de Rooy (7)</li>
+<li>Lisette Scheer (3)</li>
 <li>Maryse Simard (1)</li>
 <li>Pierre-Marc Thibault (4)</li>
 <li>Bin Wen (4)</li>
+<li>Mengü Yazıcıoğlu (1)</li>
 </ul>
 
 <p>We regret any omissions.  If a contributor has been inadvertently missed,
@@ -447,7 +458,7 @@ version of Koha can be retrieved by checking out the master branch of:</p>
 </ul>
 
 <p>The branch for this version of Koha and future bugfixes in this release
-line is rmain1805.</p>
+line is 18.05.x.</p>
 
 <h2 id="bugsandfeaturerequests">Bugs and feature requests</h2>
 
@@ -461,4 +472,4 @@ tracker at:</p>
 <p>He rau ringa e oti ai.
 (Many hands finish the work)</p>
 
-<p>Autogenerated release notes updated last on 29 Apr 2019 05:13:28.</p>
+<p>Autogenerated release notes updated last on 02 May 2019 12:42:22.</p>
diff --git a/misc/release_notes/release_notes_18_05_12.md b/misc/release_notes/release_notes_18_05_12.md
index 05d899d6b1..c9a3f1694e 100644
--- a/misc/release_notes/release_notes_18_05_12.md
+++ b/misc/release_notes/release_notes_18_05_12.md
@@ -17,11 +17,19 @@ Installation instructions can be found at:
 - [Koha Wiki](http://wiki.koha-community.org/wiki/Installation_Documentation)
 - OR in the INSTALL files that come in the tarball
 
-Koha 18.05.12 is a bugfix/maintenance release.
+Koha 18.05.12 is a bugfix/maintenance release with security fixes.
 
-It includes 1 enhancements, 31 bugfixes.
+It includes 4 security fixes, 1 enhancements, 31 bugfixes.
 
 
+## Security bugs
+
+### Koha
+
+- [[22068]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22068) Canceling article request should verify the request belongs to the borrower
+- [[22478]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22478) Cross-site scripting vulnerability in paginations
+- [[22542]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22542) Back browser should not allow to see other patrons details (see bug 5371)
+- [[22692]](http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22692) Logging in via cardnumber circumvents account logout
 
 
 ## Enhancements
@@ -241,17 +249,17 @@ The release team for Koha 18.05.12 is
   - Jon Knight
   - [Indranil Das Gupta](mailto:indradg@l2c2.co.in)
 - Packaging Manager: [Mirko Tietgen](mailto:mirko@abunchofthings.net)
-- Documentation Manager: Caroline Cyr La Rose
+- Documentation Manager: Caroline Cyr-La-Rose
 - Documentation Team:
   - David Nind
   - Lucy Vaux-Harvey
 
 - Translation Managers: 
   - [Indranil Das Gupta](mailto:indradg@l2c2.co.in)
-  - [Bernardo Gonzalez Kriegel](mailto:bgkriegel@gmail.com)
+  - [Bernardo González Kriegel](mailto:bgkriegel@gmail.com)
 
 - Wiki curators: 
-  - Caroline Cyr La Rose
+  - Caroline Cyr-La-Rose
 - Release Maintainers:
   - 18.11 -- [Martin Renvoize](mailto:martin.renvoize@ptfs-europe.com)
   - 18.05 -- Lucas Gass
@@ -276,7 +284,7 @@ We thank the following individuals who contributed patches to Koha 18.05.12.
 - Nick Clemens (3)
 - Jonathan Druart (4)
 - Katrin Fischer (6)
-- Lucas Gass (5)
+- Lucas Gass (6)
 - Owen Leonard (8)
 - Ere Maijala (1)
 - Hayley Mapley (5)
@@ -296,7 +304,7 @@ patches to Koha 18.05.12
 - ACPL (8)
 - BibLibre (7)
 - BSZ BW (6)
-- ByWater-Solutions (8)
+- ByWater-Solutions (9)
 - Catalyst (5)
 - Coeur D'Alene Public Library (4)
 - Independant Individuals (3)
@@ -317,13 +325,11 @@ for Koha.
 - Nick Clemens (45)
 - Chris Cormack (4)
 - Michal Denar (3)
-- Devinim (1)
 - Jonathan Druart (3)
 - Katrin Fischer (21)
-- Lucas Gass (50)
+- Lucas Gass (60)
 - Kyle Hall (4)
 - Owen Leonard (1)
-- Lisette (3)
 - Ere Maijala (1)
 - Hayley Mapley (2)
 - Jose-Mario Monteiro-Santos (2)
@@ -333,9 +339,11 @@ for Koha.
 - Martin Renvoize (67)
 - David Roberts (1)
 - Marcel de Rooy (7)
+- Lisette Scheer (3)
 - Maryse Simard (1)
 - Pierre-Marc Thibault (4)
 - Bin Wen (4)
+- Mengü Yazıcıoğlu (1)
 
 
 
@@ -351,7 +359,7 @@ version of Koha can be retrieved by checking out the master branch of:
 - [Koha Git Repository](git://git.koha-community.org/koha.git)
 
 The branch for this version of Koha and future bugfixes in this release
-line is rmain1805.
+line is 18.05.x.
 
 ## Bugs and feature requests
 
@@ -363,4 +371,4 @@ tracker at:
 He rau ringa e oti ai.
 (Many hands finish the work)
 
-Autogenerated release notes updated last on 29 Apr 2019 05:13:28.
+Autogenerated release notes updated last on 02 May 2019 12:42:22.
-- 
2.39.5