From 09fa9e166a60586cd9f4d1060157043cd66f3c6d Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Wed, 2 Oct 2019 17:27:16 -0400 Subject: [PATCH] forward-port 3.4 release notes Signed-off-by: Galen Charlton --- docs/RELEASE_NOTES_3_4.adoc | 33 +++------------------------------ 1 file changed, 3 insertions(+), 30 deletions(-) diff --git a/docs/RELEASE_NOTES_3_4.adoc b/docs/RELEASE_NOTES_3_4.adoc index 27e8b9c898..9c6716fc7b 100644 --- a/docs/RELEASE_NOTES_3_4.adoc +++ b/docs/RELEASE_NOTES_3_4.adoc 
@@ -3,36 +3,9 @@ Evergreen 3.4 Release Notes :toc: :numbered: -Evergreen 3.4-beta2 -------------------- -The Evergreen 3.4-beta2 release includes security fixes for cross-site scripting -(XSS) vulnerabilities in the Evergreen public catalog. Testers of the Evergreen -3.4-beta1 release are encouraged to install this release, which does not -include any database updates since the beta 1. - -Security Issue: XSS Vulnerability in Public Catalog -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -This release fixes several cross-site scripting (XSS) vulnerabilities -in the public catalog. When upgrading, Evergreen administrators should -review whether any of the following templates have been customized -or overridden. If so, either the template should be replaced with the -stock version or the XSS fix (which entails adding the `| html` filter -in several places) applied to the customized version. - - * `Open-ILS/src/templates/opac/browse.tt2` - * `Open-ILS/src/templates/opac/parts/ebook_api/base_js.tt2` - * `Open-ILS/src/templates/opac/parts/header.tt2` - * `Open-ILS/src/templates/opac/parts/place_hold.tt2` - * `Open-ILS/src/templates/opac/parts/place_hold_result.tt2` - * `Open-ILS/src/templates/opac/parts/result/adv_filter.tt2` - -They should also review the following templates. If these templates have -been customized or overridden, either the template should be replaced with -the stock version or the XSS fix (which entails adding `rel="nofollow` to -external links) applied to the customized version. - -* `Open-ILS/src/templates/opac/parts/record/summary.tt2` -* `Open-ILS/src/templates/opac/parts/result/table.tt2` +Evergreen 3.4.0 +--------------- +The Evergreen 3.4.0 release is a major feature release. Upgrade notes ------------- -- 2.11.0
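Review bot: The removed "Security Issue: XSS Vulnerability in Public Catalog" section is the only place in this file that tells administrators which customized or overridden templates need the `| html` filter or the nofollow change, and the replacement text ("The Evergreen 3.4.0 release is a major feature release.") drops that guidance entirely. Sites upgrading to 3.4.0 with local template overrides would no longer see the list of eight `Open-ILS/src/templates/opac/...` files to review. Unless that guidance is carried elsewhere in the 3.4.0 notes, consider keeping the security subsection and its template lists under the new "Evergreen 3.4.0" heading and removing only the beta2-specific paragraph. If the text is kept, the attribute in the removed line is also missing its closing quote: `rel="nofollow` should read `rel="nofollow"`. The commit subject "forward-port 3.4 release notes" does not mention that a security notice is being removed; a line in the message saying so would help anyone auditing the history.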