From a3fadc21f022c4efc1c2aa10f7a9bbb841396053 Mon Sep 17 00:00:00 2001
From: Dan Scott <dscott@laurentian.ca>
Date: Wed, 16 Jan 2013 00:00:22 -0500
Subject: [PATCH] Bumping version numbers for 2.1.5

Also, add pertinent release notes entry.

Signed-off-by: Dan Scott <dscott@laurentian.ca>
---
 Open-ILS/src/perlmods/lib/OpenILS/Application.pm |  2 +-
 Open-ILS/src/sql/Pg/002.schema.config.sql        |  3 +-
 Open-ILS/xul/staff_client/windowssetup.nsi       |  4 +--
 README                                           |  8 +++---
 RELEASE_NOTES.txt                                | 35 ++++++++++++++++++++++++
 configure.ac                                     |  4 +--
 6 files changed, 45 insertions(+), 11 deletions(-)

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application.pm
index 3abe09b1ff..d3628570b8 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application.pm
@@ -6,7 +6,7 @@ use base qw/OpenSRF::Application/;
 sub ils_version {
     # version format is "x-y-z", for example "2-0-0" for Evergreen 2.0.0
     # For branches, format is "x-y"
-    return "2-1-4";
+    return "2-1-5";
 }
 
 __PACKAGE__->register_method(
diff --git a/Open-ILS/src/sql/Pg/002.schema.config.sql b/Open-ILS/src/sql/Pg/002.schema.config.sql
index 61faf57112..8ed0f9bfd8 100644
--- a/Open-ILS/src/sql/Pg/002.schema.config.sql
+++ b/Open-ILS/src/sql/Pg/002.schema.config.sql
@@ -58,8 +58,7 @@ CREATE TABLE config.upgrade_log (
 );
 
 INSERT INTO config.upgrade_log (version) VALUES ('0726'); -- denials
-INSERT INTO config.upgrade_log (version) VALUES ('2.1.4');
-INSERT INTO config.upgrade_log (version) VALUES ('2.1.3');
+INSERT INTO config.upgrade_log (version) VALUES ('2.1.5');
 
 CREATE TABLE config.bib_source (
 	id		SERIAL	PRIMARY KEY,
diff --git a/Open-ILS/xul/staff_client/windowssetup.nsi b/Open-ILS/xul/staff_client/windowssetup.nsi
index 04a8e9682e..42e82585de 100644
--- a/Open-ILS/xul/staff_client/windowssetup.nsi
+++ b/Open-ILS/xul/staff_client/windowssetup.nsi
@@ -5,8 +5,8 @@
 ;!define /file PRODUCT_VERSION "client/VERSION"
 !define PRODUCT_TAG "2.1"
 !define PRODUCT_INSTALL_TAG "${PRODUCT_TAG}"
-!define UI_IMAGESET "beta"
-;!define UI_IMAGESET "release"
+;!define UI_IMAGESET "beta"
+!define UI_IMAGESET "release"
 !define PRODUCT_NAME "Evergreen Staff Client ${PRODUCT_TAG}"
 !define PRODUCT_PUBLISHER "Evergreen Community"
 !define PRODUCT_WEB_SITE "http://evergreen-ils.org/"
diff --git a/README b/README
index 6102154035..0e38f7c5e9 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-README for Evergreen 2.1.4
+README for Evergreen 2.1.5
 ==========================
 
 Preamble: referenced user accounts
@@ -38,8 +38,8 @@ the following commands as the *user* Linux account:
 
 [source, bash]
 ------------------------------------------------------------------------------
-wget -c http://evergreen-ils.org/downloads/previews/Evergreen-ILS-2.1.4.tar.gz
-tar xzf previews/Evergreen-ILS-2.1.4.tar.gz
+wget -c http://evergreen-ils.org/downloads/Evergreen-ILS-2.1.5.tar.gz
+tar xzf Evergreen-ILS-2.1.5.tar.gz
 ------------------------------------------------------------------------------
 
 Preamble: Developer instructions
@@ -172,7 +172,7 @@ Installation instructions
 +
 [source, bash]
 ------------------------------------------------------------------------------
-make STAFF_CLIENT_STAMP_ID=rel_2_1_4 install
+make STAFF_CLIENT_STAMP_ID=rel_2_1_5 install
 ------------------------------------------------------------------------------
 +
 2. The server portion of the staff client expects `http://hostname/xul/server`
diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
index 6df7e8a72a..046aa2fce7 100644
--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@@ -1,6 +1,41 @@
 Evergreen 2.1 release notes
 ===========================
 
+Upgrade notes
+-------------
+
+SQL injection fix
+~~~~~~~~~~~~~~~~~
+To prevent arbitrary SQL being executed, the names of savepoints are now
+sanitized in open-ils.pcrud and open-ils.cstore operations.
+
+Log Protect (redaction)
+~~~~~~~~~~~~~~~~~~~~~~~
+To prevent sensitive information such as passwords from being logged
+in general activity logs, add the following XML chunk to the bottom of
+`opensrf_core.xml`, just inside the `<config>` section:
+
+[source, xml]
+----------------------------------------------------------------
+  ...
+  </routers>
+  <shared> <!-- new block starts here -->
+    <log_protect>
+      <match_string>open-ils.auth.authenticate.verify</match_string>
+      <match_string>open-ils.auth.authenticate.complete</match_string>
+      <match_string>open-ils.auth_proxy.login</match_string>
+      <match_string>open-ils.actor.user.password</match_string>
+      <match_string>open-ils.actor.user.username</match_string>
+      <match_string>open-ils.actor.user.email</match_string>
+      <match_string>open-ils.actor.patron.update</match_string>
+      <match_string>open-ils.cstore.direct.actor.user.create</match_string>
+      <match_string>open-ils.cstore.direct.actor.user.update</match_string>
+      <match_string>open-ils.cstore.direct.actor.user.delete</match_string>
+    </log_protect>
+  </shared> <!-- new block ends here -->
+</config>
+----------------------------------------------------------------
+
 Installation enhancements
 -------------------------
 * `eg_db_config.pl` now has a `--create-database` option to automatically create
diff --git a/configure.ac b/configure.ac
index aa1a8414d9..e3e94d8c01 100644
--- a/configure.ac
+++ b/configure.ac
@@ -20,8 +20,8 @@
 
 export PATH=${PATH}:/usr/sbin
 AC_PREREQ(2.61)
-AC_INIT(Open-ILS, 2.1.4, open-ils-dev@list.georgialibraries.org)
-AM_INIT_AUTOMAKE([OpenILS], [2.1.4])
+AC_INIT(Open-ILS, 2.1.5, open-ils-dev@list.georgialibraries.org)
+AM_INIT_AUTOMAKE([OpenILS], [2.1.5])
 AC_REVISION($Revision: 0.1 $)
 AC_CONFIG_SRCDIR([configure.ac])
 AC_PREFIX_DEFAULT([/openils/])
-- 
2.11.0