From b298bc47bf8b09db5c0f2a748b8d1c03e873441b Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Wed, 24 May 2017 12:33:45 -0400 Subject: [PATCH] release notes for 2.10.12 Signed-off-by: Galen Charlton --- docs/RELEASE_NOTES_2_10.adoc | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/docs/RELEASE_NOTES_2_10.adoc b/docs/RELEASE_NOTES_2_10.adoc index c49bcd982f..09749f9290 100644 --- a/docs/RELEASE_NOTES_2_10.adoc +++ b/docs/RELEASE_NOTES_2_10.adoc @@ -3,6 +3,32 @@ Evergreen 2.10 Release Notes :toc: :numbered: +Evergreen 2.10.12 +----------------- +This release is a security release. + +Security Issue: XSS Vulnerability in Public Catalog +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +This release fixes several cross-site scripting (XSS) vulnerabilities +in the public catalog. When upgrading, Evergreen administrators should +review whether any of the following templates have been customized +or overridden. If so, either the template should be replaced with the +stock version or the XSS fix (which entails adding the `| html` filter +in several places) applied to the customized version. + +* `Open-ILS/src/templates/opac/parts/locale_picker.tt2` +* `Open-ILS/src/templates/opac/parts/login/form.tt2` +* `Open-ILS/src/templates/opac/parts/searchbar.tt2` + +Acknowledgements +~~~~~~~~~~~~~~~~ +We would like to thank the following individuals who contributed code, +testing and documentation patches to the 2.10.12 point release of +Evergreen: + +* Galen Charlton +* Dan Scott + Evergreen 2.10.11 ----------------- -- 2.11.0
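Review bot: In the added 2.10.12 security section, the upgrade instruction "the XSS fix (which entails adding the `| html` filter in several places)" does not tell an administrator with customized copies of the three listed templates which expressions need the filter. Suggest pointing to the fixing commit or bug report, or naming the affected template variables for each file, so that a site which cannot return to the stock template can apply the change and confirm nothing was missed. Separately, the heading reads "XSS Vulnerability in Public Catalog" while the body says "several cross-site scripting (XSS) vulnerabilities"; making the heading plural would keep the two consistent.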