:toc:
:numbered:
+Evergreen 2.11.4
+----------------
+
+This release contains several bug fixes improving on Evergreen 2.11.3.
+
+* A fix to avoid fetching and creating EDI message entries that the
+system cannot parse.
+* A fix to prevent staff users from marking a long overdue item as lost
+so that the patron will not be billed twice for the same item.
+* A fix to the link that is used on the catalog's Library Info page so
+that links with anchors can be successfully retrieved.
+* A replacement for the blank fallback image used when the catalog cannot
+retrieve an added content book cover.
+* An EDI fix that prevents EDI fetcher from crashing when the vendor
+supplies a zero-length file.
+* A fix to an issue where adjusting a bill to zero for a current checkout
+prematurely closes the transaction.
+* A fix to encoding problems in MODS output. These problems caused issues
+when using Zotero with records in the catalog.
+* A fix to Evergreen self-check to accept the user name value when a barcode
+regex has been configured for the system.
+* A fix to duplicate name checking in the patron registration screen so that
+clicking the "Found x patron(s) with same name" link will retrieve potential
+duplicate inactive patrons.
+* A fix to the bower install step used when installing the web staff client.
+* A fix that marks a hold as fulfilled when staff check out a hold-
+captured item for a hold whose expire time is in the past.
+* A change to the acquisitions funding source funds drop down menu so that
+the menu will now only display active funds and will also display the
+year alongside the fund.
+* A fix to a problem where the Current Bills tab of the patron record
+showed duplicate charges when a check in was done from the Items Out tab.
+* A fix that hides the option to add to My Lists from the staff client since this functionality does not work as expected in the staff client.
+* A change to the fund year selectors in acq interfaces so that the years
+are sorted in descending order.
+* A fix to a billing issue where transactions were not re-opened after
+they acquired a non-zero balance at check in.
+* A change to the default pickup library when staff place a hold. The place hold
+screen will now default to the preferred pickup location for the patron. If the
+patron does not have a preferred pickup location, it will default to the
+patron's home library.
+* The ability to skip the XUL staff client build when in make_release.
+* A fix that silences a log warning that appears for every checkout where a hard
+due date is not used.
+
+Acknowledgements
+~~~~~~~~~~~~~~~~
+We would like to thank the following individuals who contributed code,
+testing and documentation patches to the 2.10.11 point release of
+Evergreen:
+
+* Jason Boyer
+* Eva Cerniňáková
+* Galen Charlton
+* Jeff Davis
+* Bill Erickson
+* Jason Etheridge
+* Debbie Luchenbill
+* Kathy Lussier
+* Christine Morgan
+* Michele Morgan
+* Terran McCanna
+* Jane Sandberg
+* Jonathan Schatz
+* Dan Scott
+* Ben Shum
+* Jason Stephenson
+* Remington Steed
+* Josh Stompro
+* Dan Wells
+* Bob Wicksall
+
+
+Evergreen 2.11.3
+----------------
+This is a security release that also contains several other bugfixes improving
+on Evergreen 2.11.2. All users of Evergreen 2.11.x are recommended to upgrade
+to 2.11.3 as soon as possible.
+
+Security Issue: Credit Processor Stripe Settings Permissions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Unprivileged users can retrieve organizational unit setting values for
+setting types lacking a "view" permission. When the feature adding
+Stripe credit card processing was added, the upgrade script neglected
+to add the VIEW_CREDIT_CARD_PROCESSING permission to the
+organizational unit setting type. This means that anyone can retrieve
+and view the settings for Stripe credit card processing.
+
+Any system that upgraded from Evergreen version 2.5 to 2.6 is
+affected. If you use Stripe for credit card processing, it is
+strongly recommended that you apply this upgrade. Even if you do not
+use Stripe, applying this upgrade is still recommended. If you did
+not upgrade from version 2.5 to 2.6 of Evergreen, but started with a
+later version, applying this upgrade is harmless.
+
+If you are not ready to perform a full upgrade, and if you use Stripe,
+you can protect the settings by running the following two SQL statements:
+
+[source,sql]
+----
+UPDATE config.org_unit_setting_type
+ SET view_perm = (SELECT id FROM permission.perm_list
+ WHERE code = 'VIEW_CREDIT_CARD_PROCESSING' LIMIT 1)
+ WHERE name LIKE 'credit.processor.stripe%' AND view_perm IS NULL;
+
+UPDATE config.org_unit_setting_type
+ SET update_perm = (SELECT id FROM permission.perm_list
+ WHERE code = 'ADMIN_CREDIT_CARD_PROCESSING' LIMIT 1)
+ WHERE name LIKE 'credit.processor.stripe%' AND update_perm IS NULL;
+----
+
+Missing Upgrade Script Notice
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+It was recently discovered that the 2.11.2 tarball was missing the
+upgrade script for 2.11.1. If you upgraded straight to 2.11.2 from
+2.11.0 or prior, please make sure to apply the
+2.11.0-2.11.1-upgrade-db.sql before moving on to the 2.11.3 script.
+
+Other Fixes
+~~~~~~~~~~~
+Evergreen 2.11.3 also contains the following bugfixes:
+
+* A fix to correctly apply floating group settings when performing
+no-op checkins.
+* An improvement to the speed of looking up patrons by their username;
+this is particularly important for large databases.
+* A fix to properly display the contents of temporary lists ('My List') in the
+public catalog, as well as a fix of the HTML coding of that page.
+* A fix to the Spanish translation of the public catalog that could
+cause catalog searches to fail.
+* A fix of a problem where certain kinds of requests of information
+about the organizational unit hierarchy to consume all available
+`open-ils.cstore` backends.
+* A fix to allow staff to use the 'place another hold' link without
+running into a user interface loop.
+* A fix to the 'Edit Due Date' form in the web staff client.
+* A fix to the definition of the stock 'Full Overlay' merge profile.
+* A fix to sort billing types in alphabetical order in the web staff
+client.
+* A fix to the display of the popularity score in the public catalog.
+* A fix to the 'return to grouped search results' link in the public
+catalog.
+* A fix to allow pre-cat checkouts in the web staff client without requiring
+a circulation modifier.
+* A fix to how Action/Trigger event definitions with nullable grouping
+fields handle null values.
+* Other typo and documentation fixes.
+
+Acknowledgements
+~~~~~~~~~~~~~~~~
+We would like to thank the following individuals who contributed code,
+testing and documentation patches to the 2.11.3 point release of
+Evergreen:
+
+* Ben Shum
+* Bill Erickson
+* Blake Henderson
+* Chris Sharp
+* Christine Burns
+* Dan Wells
+* Galen Charlton
+* Jane Sandberg
+* Jason Boyer
+* Jason Etheridge
+* Jason Stephenson
+* Jeanette Lundgren
+* Josh Stompro
+* Kathy Lussier
+* Kyle Huckins
+* Mike Rylander
+
Evergreen 2.11.2
----------------
projects / evergreen / joelewis.git / commitdiff