Koha 3.14.3 released
The Koha community is proud to announce the release of 3.14.3.
This is a security release that contains critical bugfixes, and also some enhancements and other bugfixes.
As always you can download the release from http://download.koha-community.org
Please read more for the full release notes
RELEASE NOTES FOR KOHA 3.14.3
06 févr. 2014
========================================================================
Koha is the first free and open source software library automation package
(ILS). Development is sponsored by libraries of varying types and sizes,
volunteers, and support companies from around the world.
The website for the Koha project is
Home
Koha 3.14.3 can be downloaded from:
http://download.koha-community.org/koha-3.14.03.tar.gz
Installation instructions can be found at:
http://wiki.koha-community.org/wiki/Installation_Documentation
OR in the INSTALL files that come in the tarball
This release fixes four security bugs:
* bug 11660: tools/pdfViewer.pl could be used to read arbitrary
files on the server
* bug 11661: the staff interface help editor could be used to
modify or create arbitrary files on the server with
the privileges of the Apache user
* bug 11662: member-picupload.pl could be used to write to
arbitrary files on the server with the privileges of
the Apache user
* bug 11666: the MARC framework import/export function did not
require authentication, and could be used to perform
unexpected SQL commands
The fix for bug 11666 removes SQL as a supported format for
importing or exporting MARC frameworks.
We recommend that you upgrade immediately to get the fixes for
these security issues. However, if you are not able to perform
the upgrade right away, you can mitigate against the issues by
performing the following actions:
* deleting the pdfViewer.pl script
* deleting the member-picupload.pl script
* making edithelp.pl not be executable, e.g., by doing
"chmod a-x edithelp.pl"
* making import_export_framework.pl not be executable, which will
disable the MARC framework import and export functionality.
Our thanks to John Lightsey for finding and
reporting the issues.
This release also includes 1 enhancements and 10 other bugfixes.
Enhancements in 3.14.3
======================
Templates
----------
11398 A typo occurred with occured
Critical bugs fixed in 3.14.3
======================
Command-line Utilities
----------
11417 major Remove_unused_authorities.pl doesn't accept --test
OPAC
----------
11277 major Bootstrap theme: error in link for showing all facets
Other bugs fixed in 3.14.3
======================
Architecture, internals, and plumbing
----------
11402 minor Labels::_guide_box should return undef if undefned data is passed
Circulation
----------
11075 minor Clicking 'select all' link in export tab in checkout page clears renew checkboxes
Command-line Utilities
----------
11188 minor Make gather_print_notices.pl die on failed open()
Course reserves
----------
11179 minor Opac-course-details.pl shows item as available when it is checked out
Database
----------
11249 normal Add db indexes on borrowers names
Documentation
----------
11403 minor Renew page missing help file
Hold requests
----------
11445 normal It is possible for duplicate hold notifications to be sent
Packaging
----------
8921 minor Koha-common*.deb should depend on cron
Searching
----------
7518 normal Searches with quotation marks don't work
11131 normal Authority search does not display summary while searching by all auth types
Serials
----------
11228 normal Explanation on 'patron notification' is not quite right
Tools
----------
11279 normal Quote of the day feature won't pick a quote
System requirements
======================
Important notes:
* Perl 5.10 is required
* Zebra is required
Documentation
======================
The Koha manual is maintained in DocBook.The home page for Koha
documentation is
Documentation
As of the date of these release notes, only the English version of the
Koha manual is available:
http://manual.koha-community.org/3.14/en/
The Git repository for the Koha manual can be found at
http://git.koha-community.org/gitweb/?p=kohadocs.git;a=summary
Translations
======================
Complete or near-complete translations of the OPAC and staff
interface are available in this release for the following languages:
* English (USA)
* Arabic (83%)
* Armenian (100%)
* Chinese (China) (99%)
* Chinese (Taiwan) (99%)
* Czech (100%)
* Danish (91%)
* English (New Zealand) (84%)
* French (99%)
* French (Canada) (89%)
* German (100%)
* German (Switzerland) (99%)
* Greek (53%)
* Italian (96%)
* Kurdish (72%)
* Norwegian Bokmål (64%)
* Polish (60%)
* Portuguese (99%)
* Portuguese (Brazil) (91%)
* Slovak (100%)
* Spanish (99%)
* Swedish (90%)
* Turkish (100%)
Partial translations are available for various other languages.
The Koha team welcomes additional translations; please see
http://wiki.koha-community.org/wiki/Translating_Koha
for information about translating Koha, and join the koha-translate
list to volunteer:
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-translate
The most up-to-date translations can be found at:
http://translate.koha-community.org/
Release Team
======================
The release team for Koha 3.14.3 is
Release Manager: Galen Charlton
Documentation Manager: Nicole C Engard
Installation Documentation Managers:
Samuel Desseaux
Mason James
Translation Manager: Bernardo Gonzalez Kriegel
QA Manager: Katrin Fischer
QA Team: Chris Cormack
Marcel de Rooy ,
Jonathan Druart ,
Brendan Gallagher
Kyle Hall
Mason James
Paul Poulain
Bug Wranglers: Magnus Enger
Packaging Manager: Robin Sheat
Live CD Manager: Nguyen Quoc Uy
VM Manager: Samuel Desseaux
Release Maintainer (3.8.x): Chris Hall
Release Maintainer (3.10.x): Bernardo Gonzalez Kriegel
Release Maintainer (3.12.x): Tomás Cohen Arazi
Credits
======================
We thank the following libraries who are known to have sponsored
new features in Koha 3.14.3:
* Universidad Nacional de Cordoba
We thank the following individuals who contributed patches to Koha 3.14.3.
* 2 Tomas Cohen Arazi
* 1 Gaetan Boisson
* 8 Galen Charlton
* 2 Chris Cormack
* 1 Frédéric Demians
* 3 Jonathan Druart
* 1 Nicole Engard
* 1 Magnus Enger
* 3 Katrin Fischer
* 1 Kyle M Hall
* 1 Owen Leonard
* 1 Marcel de Rooy
* 2 Fridolyn SOMERS
* 1 Fridolin Somers
We thank the following companies who contributed patches to Koha 3.14.3
* 1 ACPL
* 3 BSZ BW
* 7 BibLibre
* 2 BigBallOfWax
* 2 ByWater-Solutions
* 8 Equinox
* 1 Libriotech
* 1 Rijksmuseum
* 1 Tamil
* 2 unidentified
We also especially thank the following individuals who tested patches
for Koha 3.14.3.
* 2 Tomas Cohen Arazi
* 38 Galen Charlton
* 10 Chris Cormack
* 7 Jonathan Druart
* 15 Katrin Fischer
* 2 Kyle M Hall
* 1 Leila
* 1 Owen Leonard
* 2 Liz Rea
* 1 Mathieu Saby
* 27 Fridolin Somers
We regret any omissions. If a contributor has been inadvertently missed,
please send a patch against these release notes to
koha-patches@lists.koha-community.org.
Revision control notes
======================
The Koha project uses Git for version control. The current development
version of Koha can be retrieved by checking out the master branch of
git://git.koha-community.org/koha.git
The branch for this version of Koha and future bugfixes in this release line is sec-3.14.x.
The last Koha release was 3.14.0, which was released on November 21, 2013.
Bugs and feature requests
======================
Bug reports and feature requests can be filed at the Koha bug
tracker at
http://bugs.koha-community.org/
He rau ringa e oti ai.
(Many hands finish the work)
##### Autogenerated release notes updated last on 06 févr. 2014 19:08:12 Z #####
Thanks to all contributors.