Koha 25.11.03 released

Posted on Posted in Uncategorized

RELEASE NOTES FOR KOHA 25.11.03

07 Apr 2026

Koha is the first free and open source software library automation
package (ILS). Development is sponsored by libraries of varying types
and sizes, volunteers, and support companies from around the world. The
website for the Koha project is:

Koha 25.11.03 can be downloaded from:

Installation instructions can be found at:

  • Koha Wiki
  • OR in the INSTALL files that come in the tarball

Koha 25.11.03 is a bugfix/maintenance release.

It includes 13 enhancements, 68 bugfixes.

System requirements

You can learn about the system components (like OS and database) needed for running Koha on the community wiki.

Security bugs

  • 41261 XSS vulnerability in opac/unAPI

    This change validates the inputs to “unapi” so that any invalid inputs will result in a 400 error or a response containing valid options for follow-up requests.

  • 41594 Can access invoice-files.pl even when AcqEnableFiles is disabled
  • 42048 Reflected XSS in patron search saved link

Bugfixes

Acquisitions

Other bugs fixed

  • 41420 Syntax error in referrer in parcel.tt

    This fixes the URL for the “Cancel order and catalog record” link when receiving an order for an invoice – the referrer section of the URL was missing.

Architecture, internals, and plumbing

Critical bugs fixed

  • 38426 Node.js v18 EOL around 25.05 release time
  • 41617 CSV export from item search results – incorrect spaces after comma separator causes issues

    This fixes the CSV export from item search results in the staff interface (Search > Item search> Export select results (X) to CSV).

    It removes extra spaces after the comma separator, which causes issues when using the CSV file with some applications (such as Microsoft Excel).

Other bugs fixed

  • 35423 AuthoritiesMarc: Warnings substr outside of string and Use of uninitialized value $type in string eq
  • 41043 Use op ‘add_form’ and ‘edit_form’ instead of ‘add’ and ‘edit’
  • 41076 Perltidy config needs to be refined to not cause changes with perltidy 20250105

    26.05.00

  • 41268 Circulation rules script has many conditionals
  • 41287 Using locale sorting may have a negative impact on search speeds
    This improves the performance for showing facets when using Elasticsearch, by adding another option “simple alphabetical” to sort facets to the FacetOrder system preference.This improves performance for English language libraries and will display the facets correctly in most cases, unless there are Unicode characters. 

    (Technical note: ‘stringwise’ is basic alphanumeric sorting character by character – diacritics are largely ignored.)

  • 41557 LoginFirstname, LoginSurname and emailaddress sent to template but never used
  • 41560 Useless (and confusing) id attribute on a couple of script tag
    Removes the id attribute from the script tag (