From 96cf4e408f5fdbe981e8471e3cd3b357aefee16c Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Mon, 27 Mar 2023 11:50:39 -0400 Subject: [PATCH] clear RELEASE_NOTES_NEXT after release of 3.9.2 Signed-off-by: Galen Charlton --- docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc | 10 ---------- docs/RELEASE_NOTES_NEXT/OPAC/qtype-param-protection.adoc | 11 ----------- docs/RELEASE_NOTES_NEXT/OPAC/stripe_user_id.adoc | 5 ----- docs/RELEASE_NOTES_NEXT/miscellaneous.adoc | 3 --- 4 files changed, 29 deletions(-) delete mode 100644 docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc delete mode 100644 docs/RELEASE_NOTES_NEXT/OPAC/qtype-param-protection.adoc delete mode 100644 docs/RELEASE_NOTES_NEXT/OPAC/stripe_user_id.adoc diff --git a/docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc b/docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc deleted file mode 100644 index 929c36a3aa..0000000000 --- a/docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc +++ /dev/null @@ -1,10 +0,0 @@ -== DoS Protection == - -Here we add two ways to protect against denial of service attacks: - * Limit concurrent search requests per client IP address - ** This helps address issues of accidental spamming from a malfunctioning OPAC workstation, or web crawlers of various types. The limit is controlled by a global flag called *opac.max_concurrent_search.ip*. By default there is no limit set. - * Limit the global concurrent search requests for the same query - ** This helps address both simple and distributed DoS that send the same search request over and over. The limit is controlled by a global flag called *opac.max_concurrent_search.query*, and defaults to 20. - -When a limit is exceeded the client receives an HTTP 429 "Too many requests" response from the web server, and the connection is ended. - 
diff --git a/docs/RELEASE_NOTES_NEXT/OPAC/qtype-param-protection.adoc b/docs/RELEASE_NOTES_NEXT/OPAC/qtype-param-protection.adoc deleted file mode 100644 index a4931b5bd1..0000000000 --- a/docs/RELEASE_NOTES_NEXT/OPAC/qtype-param-protection.adoc +++ /dev/null @@ -1,11 +0,0 @@ -== Protect qtype CGI parameter == - -Malicious DoS attempts have been witnessed in the wild making use of -the fact that Evergreen does not check the contents of the qtype CGI -parameter. While these fail their intent, it would be better to -simply drop such searches on the floor when they're seen. - -Evergreen will now confirm that the search class in the qtype parameter -is valid, and that the remainder of the value is structured correctly, -before processing the search request. - diff --git a/docs/RELEASE_NOTES_NEXT/OPAC/stripe_user_id.adoc b/docs/RELEASE_NOTES_NEXT/OPAC/stripe_user_id.adoc deleted file mode 100644 index e20df61157..0000000000 --- a/docs/RELEASE_NOTES_NEXT/OPAC/stripe_user_id.adoc +++ /dev/null @@ -1,5 +0,0 @@ -== User Id Added to Stripe Payment Information == - -The user's database id is added to the "description" field to make it easier -to associate transactions to users if there is a Stripe payment issue that -requires followup. diff --git a/docs/RELEASE_NOTES_NEXT/miscellaneous.adoc b/docs/RELEASE_NOTES_NEXT/miscellaneous.adoc index b290db1b83..e69de29bb2 100644 --- a/docs/RELEASE_NOTES_NEXT/miscellaneous.adoc +++ b/docs/RELEASE_NOTES_NEXT/miscellaneous.adoc @@ -1,3 +0,0 @@ -* `autogen.sh` can now accept a `-c` switch to specify the location of `opensrf_core.xml`. This is useful for certain multi-tenant setups of Evergreen. (LP#2003707) -* Prevent templates from applying or changing magical status in angular holdings editor (LP#1999401) -* Prevent directly editing the shelving location deleted field in the Shelving Locations Editor (LP#2002435) \ No newline at end of file -- 2.11.0
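Review bot: the removed docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc is where the global flags opac.max_concurrent_search.ip (no limit by default) and opac.max_concurrent_search.query (default 20) and the HTTP 429 response are described, and nothing in this patch shows that text landing anywhere else. Please confirm it is already in the published 3.9.2 release notes and say so in the commit message, so operators tuning these limits still have a reference after the file is gone.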
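Review bot: docs/RELEASE_NOTES_NEXT/miscellaneous.adoc is emptied rather than deleted, unlike the other three files: its index line ends at e69de29bb2 and the summary lists four files changed but only three "delete mode" entries. If the empty file is kept on purpose as a placeholder for the next release cycle, say so in the commit message; otherwise remove it the same way as the others so the directory is left in a consistent state.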