Evergreen ILS

Open Source Library Software

Announcements

Security Releases: Evergreen 3.1.15, 3.2.9, 3.3.4, and 3.4-beta2

On behalf of the Evergreen contributors, we are pleased to announce the release of Evergreen 3.1.15, 3.2.9, 3.3.4, and 3.4-beta2.

The new releases can be downloaded from:

http://evergreen-ils.org/egdownloads/

THESE RELEASES CONTAIN SECURITY UPDATES.

It is recommended that all Evergreen sites upgrade to one of the new releases as soon as possible.

These releases fix two bugs related to cross-site scripting (XSS) vulnerabilities in the public catalog.

Bug 1559239: Mitigates a potential risk of having a web page location changed when opening a link in a new tab. Evergreen administrators should review whether the following templates have been customized or overridden. If so, either the template should be replaced with the stock version or the rel="noopener" attribute added to all anchor (<a/>) tags with a target="_blank" attribute.

  • Open-ILS/src/templates/opac/parts/record/summary.tt2
  • Open-ILS/src/templates/opac/parts/result/table.tt2

Bug 1822630: Resolves a problem with not properly sanitizing user input. When upgrading, Evergreen administrators should review whether any of the following templates have been customized or overridden. If so, either the template should be replaced with the stock version or the XSS fix (which entails adding the | html filter in several places) applied to the customized version.

  • Open-ILS/src/templates/opac/browse.tt2
  • Open-ILS/src/templates/opac/parts/ebook_api/base_js.tt2
  • Open-ILS/src/templates/opac/parts/header.tt2
  • Open-ILS/src/templates/opac/parts/place_hold.tt2
  • Open-ILS/src/templates/opac/parts/place_hold_result.tt2
  • Open-ILS/src/templates/opac/parts/result/adv_filter.tt2

All of these new releases also contain bugfixes that not related to the security issues. For more information on the changes in these releases, please consult their release notes:

 

Evergreen 3.2.4 and 3.1.10 released

The Evergreen Community is proud to announce two new bug fix releases: Evergreen 3.2.4 and Evergreen 3.1.10. Both releases contain bug fixes in cataloging, reports, and system administration. 3.2.4 also includes improvements to accessibility, acquisitions, circulation, search, and the Angular client. You can download these new releases at the Evergreen Downloads Page.

3.2.4 contains the following bug fixes improving on Evergreen 3.2.3:

Accessibility

  • Adds appropriate alt text to the Evergreen splash page (Bug #1802594)
  • The public catalog search box now only autofocuses when searching is the main purpose of the page (Bug #1796225)

Acquisitions

  • Fixes an issue that prevented purchase orders to not open in a new tab (Bug #1813290)

Circulation

  • The Billing History grids now save their configuration in the database (Bug #1806709)

Cataloging

  • Catalogers can now set the Bib Source in the Z39.50 Overlay and Import interfaces (Bug #1727345)
  • Fixes an issue where publishers display in the publication date column in copy buckets (Bug #1812698)
  • Electronic reources no longer display a call number called URI in the Volume Editor (Bug #1752665)
  • Spine/pocket label templates can now include circulation library and owning library (Bug #1726568)

Reports

  • Fixes an issue where external documentation links can open in the reports module (Bug #1784893)
  • Fixes an issue where publishers display as a publication date in reports (Bug #1812698)

Search

  • Staff users can now set their prefered default Advanced Search pane (Bug #1799963)
  • The public catalog search box now only autofocuses when searching is the main purpose of the page (Bug #1796225)

System administration

  • The DELETE_COPY_ALERT permission no longer needs to be granted on the consortium level (Bug #1783421)

Angular client

  • The angular client now uses Angular 7 (Bug #1801984)
  • The angular client grid actions can now be disabled depending on the criteria of which rows are selected (Bug #1808268)
  • Angular client pages now display their own titles in the browser tab, rather than AngEG (Bug #1813647)

3.1.10 contains the following bug fixes improving on Evergreen 3.1.9:

Cataloging

  • Catalogers can now set the Bib Source in the Z39.50 Overlay and Import interfaces (Bug #1727345)
  • Fixes an issue where publishers display in the publication date column in copy buckets (Bug #1812698)
  • Electronic reources no longer display a call number called URI in the Volume Editor (Bug #1752665)
  • Spine/pocket label templates can now include circulation library and owning library (Bug #1726568)

Reports

  • Fixes an issue where external documentation links can open in the reports module (Bug #1784893)
  • Fixes an issue where publishers display as a publication date in reports (Bug #1812698)

System administration

  • The DELETE_COPY_ALERT permission no longer needs to be granted on the consortium level (Bug #1783421)

Evergreen 3.1.4 and 3.0.10 released

The Evergreen community is pleased to announce two maintenance releases of Evergreen, 3.1.4 and 3.0.10.

Evergreen 3.1.4 has the following changes improving on Evergreen 3.1.3:

  • Fixes right-click issues with the Web client grids.
  • Fixes an issue with the Default SMS Carrier in the patron edit form.
  • Fixes an issue that allowed overdue notices to be sent to a patron whose long overdue item has been paid for.
  • Checking in precat items now displays the “Route to Cataloging” alert each time the item is checked in.
  • Fixes an issue where alerts that had been cleared by a check-in continued to display.
  • Fixes an issue in which the Adjust to Zero feature does not close a checked-in lost circ.
  • Deleted copies that are still checked out can now be checked in.
  • Fixes a mislabeled column in the patron checkout grid.
  • Grocery bills are no longer styled the same way as overdue bills.
  • Fixes an error with the missing pieces functionality.
  • Courier codes now display in the transit slip receipt preview.
  • Fixes several issues related to adding volumes.
  • Fixes several issues related to empty volumes.
  • Fixes several issues related to item and volume transfers.
  • Fixes several issues with checkboxes in the volume/copy editor.
  • The Item Status grid now displays OU shortnames instead of full names for the “Circulation Library” column.
  • The Volume/Copy editor now allows users to remove a value from the Age Hold Protection field.
  • Barcode completion now works in copy buckets.
  • The Z39.50 interface now notices when another record has been marked for overlay.
  • Fixes a display issue for the Remove MARC Field Groups checkboxes in the Z39.50 interface.
  • Fixes a performance issue for the Validate button in the MARC Editor.
  • Fixes an incorrect close tag in the Print Item Labels toolbar.
  • Better scoping of copy tags in search results.
  • Prevents sending invalid search.highlight_display_fields calls.
  • Electronic Resource links now open in a new tab.
  • Fixes an issue with the fiscal year close-out operation.

Evergreen 3.0.10 has the following changes improving on Evergreen 3.0.9:

  • Fixes right-click issues with the Web client grids.
  • Fixes an issue with the Default SMS Carrier in the patron edit form.
  • Fixes an issue that allowed overdue notices to be sent to a patron whose long overdue item has been paid for.
  • Checking in precat items now displays the “Route to Cataloging” alert each time the item is checked in.
  • Fixes an issue in which the Adjust to Zero feature does not close a checked-in lost circ.
  • Deleted copies that are still checked out can now be checked in.
  • Fixes a mislabeled column in the patron checkout grid.
  • Fixes an error with the missing pieces functionality.
  • Courier codes now display in the transit slip receipt preview.
  • The Item Status grid now displays OU shortnames instead of full names for the “Circulation Library” column.
  • The Volume/Copy editor now allows users to remove a value from the Age Hold Protection field.
  • Barcode completion now works in copy buckets.
  • The Z39.50 interface now notices when another record has been marked for overlay.
  • Fixes a display issue for the Remove MARC Field Groups checkboxes in the Z39.50 interface.
  • Fixes a performance issue for the Validate button in the MARC Editor.
  • Fixes an incorrect close tag in the Print Item Labels toolbar.
  • Better scoping of copy tags in search results.
  • Electronic Resource links now open in a new tab.
  • Fixes an issue with the fiscal year close-out operation.
  • Improves serials item deletes.

Please visit the Evergreen downloads page to download the upgraded software and to read full release notes. Many thanks to everyone who contributed to the releases! Buildmasters for this round were Blake Henderson and Chris Sharp, and release notes were prepared by Jane Sandberg.