:numbered:
:toclevels: 4
+== Evergreen 3.10.2 ==
+
+This release contains bug fixes improving on Evergreen 3.10.1. This release also includes
+fixes for three security bugs.
+
+
+=== Upgrade notes ===
+
+* https://bugs.launchpad.net/evergreen/+bug/1972738[Bug 1972738] requires a schema update
+* https://bugs.launchpad.net/evergreen/+bug/1920826[Bug 1920826] requires a schema update
+* https://bugs.launchpad.net/evergreen/+bug/2009073[Bug 2009073] requires a schema update. Sites that have customized styles for the `oils_SH` CSS class should review their changes upon upgrade.
+
+=== Security Fixes ===
+
+==== Fix SQL Injection Vulnerability ====
+
+An SQL injection vulnerability related to the implementation of
+search term highlights is now closed.
+
+This is https://bugs.launchpad.net/evergreen/+bug/2004055[Bug 2004055].
+
+==== Malicious Search Protection ====
+
+Evergreen sometimes sees some "novel" query strings in the wild that
+cause the search backend to time out or worse. These are sometimes
+malicious and sometimes accidental, but the effect on users is the
+same.
+
+The changes here improve query compilation in several respects in order
+to reduce the chances of an overly complex query causing problems for
+the search subsystem.
+
+More work is done up front to simplify and combine parts of the
+resulting SQL, allowing more work to be done closer to the data.
+This change allows Evergreen to handle many more tested or chained
+boolean expressions, and negated terms are now handled directly in
+line with other adjacent terms. Phrases (exact matches) are now
+searched for using Postgres' adjacency tsearch operator.
+
+All of these changes work together to improve performance by getting
+more search work done in fewer database operations while protecting
+against certain query constructs that have caused problems in the
+past.
+
+This is https://bugs.launchpad.net/evergreen/+bug/1775958[Bug 1775958].
+
+==== Restrict login redirect ====
+
+As a security best-practice, Evergreen should not allow arbitrary
+redirection on successful login, but instead limit redirection to
+local links or configured domains and schemes.
+
+This feature is controlled by a new global flag called *opac.login_redirect_domains*
+which must contain a comma-separated list of domains. All hostnames
+under each domain is allowed for redirect, and the scheme of the
+redirect URL must be one of http, https, ftp, or ftps.
+
+This is https://bugs.launchpad.net/evergreen/+bug/1908576[Bug 1908576].
+
+=== Bug Fixes ===
+
+==== Accessibility ====
+
+* Fixes duplicate ID in staff catalog bib actions (https://bugs.launchpad.net/evergreen/+bug/2016341[Bug 2016341])
+* Adds empty alt attributes for images and icons that already have equivalent text representation (https://bugs.launchpad.net/evergreen/+bug/2018208[Bug 2018208])
+* Adds labeling to captcha math problem in OPAC (https://bugs.launchpad.net/evergreen/+bug/2015141[Bug 2015141])
+* Fixes tab order in adminitration splash pages (https://bugs.launchpad.net/evergreen/+bug/2015137)
+* Fixes default modal background color (https://bugs.launchpad.net/evergreen/+bug/2008918[Bug 2008918])
+* Adds aria-label to staff catalog search +/- buttons (https://bugs.launchpad.net/evergreen/+bug/2002363[Bug 2002363])
+* Adds H1 headings to staff pages (https://bugs.launchpad.net/evergreen/+bug/1994711[Bug 1994711])
+* Fixes headings hierarchy and source order on staff catalog search results (https://bugs.launchpad.net/evergreen/+bug/2009865[Bug 2009865])
+* Fixes highlight contrast & semantic markup in staff catalog & Bootstrap OPAC search results (https://bugs.launchpad.net/evergreen/+bug/2009073[Bug 2009073])
+* Adds ARIA landmarks and roles for various Angular staff interfaces
+(https://bugs.launchpad.net/evergreen/+bug/1615707[Bug 1615707])
+* Fixes color contrast in staff search results pagination (https://bugs.launchpad.net/evergreen/+bug/2018326[Bug 2018326])
+* Adds accessible names to purchase order checkboxes (https://bugs.launchpad.net/evergreen/+bug/2009092[Bug 2009092])
+
+==== Acquisitions ====
+
+* Fixes line item ID link in Acq Search so the PO opens and then jumps to the correct line item (https://bugs.launchpad.net/evergreen/+bug/2003946[Bug 2003946])
+
+==== Administration ====
+
+* Deduplicates entries in ils_events.xml (https://bugs.launchpad.net/evergreen/+bug/1369345[Bug 1369345])
+* Encourages distinct results when querying ahopl IDL source (https://bugs.launchpad.net/evergreen/+bug/1964986[Bug 1964986])
+* Restores missing database updates for version-upgrade from 3.5.1 to 3.6.0 (https://bugs.launchpad.net/evergreen/+bug/1920826[Bug 1920826])
+* Improved error handling by open-ils.pcrud (https://bugs.launchpad.net/evergreen/+bug/1808016[Bug 1808016])
+
+==== Catalog ====
+
+* Adds consistency to SMS Carrier dropdown display (https://bugs.launchpad.net/evergreen/+bug/1889916[Bug 1889916])
+
+==== Cataloging ====
+
+* Ensures authority linker is working in all embedded MARC editors (https://bugs.launchpad.net/evergreen/+bug/1716479[Bug 1716479])
+
+==== Circulation ====
+
+* Adds a note to the Mark Patron Email Invalid function (https://bugs.launchpad.net/evergreen/+bug/1752334[Bug 1752334])
+* Treats empty string as null for preferred name field (https://bugs.launchpad.net/evergreen/+bug/1996651[Bug 1996651])
+* Fixes incorrect total circs in Item Status Detail View (https://bugs.launchpad.net/evergreen/+bug/2018534[Bug 2018534])
+* Removes irrelevant actions from Hold Shelf actions menu (https://bugs.launchpad.net/evergreen/+bug/2004052[Bug 2004052])
+* Removes patron information from the 'Check Out Staff' field in Item Status Circ History list (https://bugs.launchpad.net/evergreen/+bug/2001728[Bug 2001728])
+* Fixes a caching issue that occasionally caused incorrect holds addresses to print on transit slips (https://bugs.launchpad.net/evergreen/+bug/1778567[Bug 1778567])
+
+==== Client ====
+
+* Adds index to speed up display of the Hopeless Holds interface in large systems (https://bugs.launchpad.net/evergreen/+bug/1972738[Bug 1972738])
+* Adds validator to Survey Date so surveys can not be created with an end date before their start date (https://bugs.launchpad.net/evergreen/+bug/1879517[Bug 1879517])
+* Quiets extraneous console noise in some AngularJS grids (https://bugs.launchpad.net/evergreen/+bug/2013223[Bug 2013223])
+* Restores correct link to AngularJS Patron Requests interface (https://bugs.launchpad.net/evergreen/+bug/2019150[Bug 2019150])
+* Fixes Angular multi-select component to add a special case for shelving locations (https://bugs.launchpad.net/evergreen/+bug/1863387[Bug 1863387])
+
+==== Course Materials ====
+
+* Fixes circ modifier column in Course Materials grid (https://bugs.launchpad.net/evergreen/+bug/1972917[Bug 1972917])
+
+==== Documentation ====
+
+* Fixes to Server Installation documentation
+* Updates to Record Buckets documentation (https://bugs.launchpad.net/evergreen/+bug/1845253[Bug 1845253])
+* Updates to Fonts & Sound Settings documentation
+* Adds documentation for OpenAthens (https://bugs.launchpad.net/evergreen/+bug/1998921[Bug 1998921])
+
+==== OPAC ====
+
+* Fixes button styling in Boostrap OPAC (https://bugs.launchpad.net/evergreen/+bug/1981774[Bug 1981774])
+* Adjusts functionality of "Where" button in OPAC (https://bugs.launchpad.net/evergreen/+bug/1970476[Bug 1970476])
+* Fixes Google Books preview when loading from search results page (https://bugs.launchpad.net/evergreen/+bug/1791791(Bug 1791791)
+* Fixes label alignment in MyAccount Circ History (https://bugs.launchpad.net/evergreen/+bug/2015481[Bug 2015484])
+
+
+==== Miscellaneous ====
+
+* Adds fixes to AngularJS test suite (https://bugs.launchpad.net/evergreen/+bug/1915326[Bug 1915326])
+
+
+
+=== Acknowledgements ===
+
+We would like to thank the following individuals who contributed code, testing, and documentation to the 3.10.2 point release of Evergreen:
+
+* John Amundson
+* Jason Boyer
+* Dan Briem
+* Galen Charlton
+* Garry Collum
+* Jeff Davis
+* Britta Dorsey
+* Ruth Frasur
+* Blake Graham-Henderson
+* Stephanie Leary
+* Tiffany Little
+* Terran McCanna
+* Chrystal Messam
+* Gina Monti
+* Christine Morgan
+* Michele Morgan
+* Susan Morrison
+* Andrea Buntz Neiman
+* Jennifer Pringle
+* Mike Rylander
+* Jane Sandberg
+* Chris Sharp
+* Jason Stephenson
+* Josh Stompro
+* Jennifer Weston
+* Beth Willis
+
+
+
+
+
== Evergreen 3.10.1 ==
This release contains bug fixes improving on Evergreen 3.10.0. This release includes
projects / Evergreen.git / commitdiff