RELEASE NOTES FOR KOHA 24.05.04

02 Oct 2024

Koha is the first free and open source software library automation
package (ILS). Development is sponsored by libraries of varying types
and sizes, volunteers, and support companies from around the world. The
website for the Koha project is:

• Koha Community

Koha 24.05.04 can be downloaded from:

• Download

Installation instructions can be found at:

• Koha Wiki
• OR in the INSTALL files that come in the tarball

Koha 24.05.04 is a bugfix/maintenance release.

It includes 7 security fixes and 92 bugfixes.

System requirements

You can learn about the system components (like OS and database) needed for running Koha on the community wiki.

Security bugs

• 36598 Add CSRF protection to Mojolicious apps
• 13342 Not logged in user can place a review/comment as a deleted patron
• 37681 XSS vulnerability in item.uri in staff interface
• 37654 XSS in Batch record import for the Citation column
• 37655 XSS vulnerability in basic editor handling of title
• 37656 XSS in Advanced editor for Z39.50 search results
• 37720 XSS (and bustage) in label creator

Bugfixes

About

Other bugs fixed

• 37575 Typo ‘AutoCreateAuthorites’ in about.pl

Accessibility

Other bugs fixed

• 37586 Improve accessibility of top navigation in the OPAC with aria-labels

Acquisitions

Other bugs fixed

• 37337 Submitting a similar suggestion results in a blank page
• 37340 EDIFACT messages should be sortable by ‘details’
  

  This fixes the EDIFACT messages table in acquisitions so that the details column is now sortable (Acquisitions > EDIFACT messages (when the EDIFACT system preference is enabled).

• 37343 Cannot search for vendors when transferring an item in acquisitions
• 37411 Exporting budget planning gives 500 error
• 37450 Clicking ‘Close basket’ from the list of baskets does nothing
• 37551 MarcFieldsToOrder price is overriding MarcItemFieldsToOrderPrice

Architecture, internals, and plumbing

Critical bugs fixed

• 37260 Problem with connection to broker not displayed on the about page
• 37371 Direct input of dates not working when editing only part of a date
• 37509 Elasticsearch status info missing from ‘Server information’
  

  This fixes the About Koha > Server information page so that it now shows information about Elasticsearch. Before this, it was empty.

Other bugs fixed

• 36362 Only call Koha::Libraries->search() if necessary in Item::pickup_locationsSponsored by Gothenburg University Library
• 36474 updatetotalissues.pl should not modify the record when the total issues has not changed
  

  This updates the misc/cronjobs/update_totalissues.pl script so that records are only modified if the number of issues changes. Previously, every record was modified – even if the number of issues did not change.

  In addition, with CataloguingLog enabled, this previously added one entry to the log viewer for every record – as all the records were modified even if the number of issues did not change. Now, only records where the number of issues have changed are included in the log viewer, significantly reducing the number of entries.

• 37216 Fix dbrev for EmailFieldSelection
• 37400 On checkin don’t search for a patron unless needed
• 37510 Koha::Object->delete should throw a Koha::Exception if there’s a parent row constraint

Cataloging

Critical bugs fixed

• 37429 Can’t edit bibliographic records anymore (empty form)

Other bugs fixed

• 37342 CSRF error – Cannot add new authorities from basic editor with ‘Link authorities automatically’
• 37383 No edit item button on catalog detail page for items where holding library is not logged in library
• 37399 Item type not displayed on holdings table if noItemTypeImages is disabled
  

  This fixes the staff interface holdings table for a record so that the ‘Item type’ column is displayed when the “noItemTypeImages” system preference is set to ‘Don’t show’.

  Sponsored by Koha-Suomi Oy

• 37591 Moredetail.tt page is opening very slowly
  

  This improves the loading time of a record’s items page in the staff item when there are many items and check-outs.

  Sponsored by Koha-Suomi Oy

Circulation

Critical bugs fixed

• 37407 Fast add / fast cataloging from patron checkout does not checkout item

Other bugs fixed

• 32696 Recalls can inadvertently extend the due dateSponsored by Ignatianum University in Cracow
• 36196 Handling NULL data in ajax calls for cities
• 37413 Updating an item level hold on an item with no barcode to a next available hold also modifies the other holds on the record
  

  This fixes updating existing item level holds for an item without a barcode. When updating an existing item level hold from “Only item No barcode” (Holds for a record > Existing holds > Details column) to “Next available”, it would incorrectly change any other item level holds to “Next available”.

• 37552 Automatic renewals cronjob can die when an item scheduled for renewal is checked in

Command-line Utilities

Critical bugs fixed

• 37543 connexion_import_daemon.pl stopped working in 24.05 due to API changes related to CSRF-TokenSponsored by Reformational Study Centre
• 37775 update_totalissues.pl uses $dbh->commit but does not use transactions

Other bugs fixed

• 37553 Fix CSRF handling in koha-svc.pl script

Course reserves

Other bugs fixed

• 37409 Edit button for items in course reserves list doesn’t work
  

  This fixes editing existing reserves for a course (when using course reserves). Editing a reserve was opening the add reserve form, instead of letting you edit the existing reserve. (This is related to the CSRF changes added in Koha 24.05 to improve form security.)

Database

Other bugs fixed

• 37476 RANK is a reserved word in MySQL 8.0.2+
  

  This fixes adding a patron to a routing list after receiving a serial – the patron was not being added to the routing list. This issue was only happing where MySQL 8.0.2 or later was used as the database for Koha. This was because the SQL syntax in the SQL used RANK, which become a reserved word in MySQL 8.0.2.

• 37593 Fix typo in schema description for items.bookable

ERM

Critical bugs fixed

• 37288 Edit data provider form does not show the name
  

  This fixes the editing form for eUsage data providers (ERM > eUsage > Data providers):
  – It delays the page display until the information from the counter registry is received. Previously, the data provider name was empty until the data from the registry was received.
  – It removes the ‘Create manually’ button when editing a data provider that was created from the registry.

• 37308 Add user-agent to SUSHI outgoing requests

Other bugs fixed

• 37647 Unnecessary use of Text::CSV_XS in Koha/REST/V1/ERM/EHoldings/Titles/Local.pm

Fines and fees

Critical bugs fixed

• 37263 Creating default article request fees is not working

Other bugs fixed

• 37254 Dropdown values not cleared after pressing clear in circulation rulesSponsored by Koha-Suomi Oy

Hold requests

Critical bugs fixed

• 29087 Holds to pull list can crash with a SQL::Abstract puke
  

  This fixes the cause of an error (SQL::Abstract::puke():…) that can occur on the holds to pull list (Circulation > Holds > Holds to pull).

• 37351 Checkboxes on waiting holds report are not kept when switching to another page
• 37374 Place hold button non-responsive for club holds

Other bugs fixed

• 37373 Cursor should go to patron search box on loading holds page

I18N/L10N

Critical bugs fixed

• 37303 Fuzzy translations displayed on the UI

ILL

Critical bugs fixed

• 37389 REST API queries joining on extended_attributes may cause severe performance issues
  

  This fixes a severe performance issue with a REST API SQL query for patron and interlibrary loan request custom attributes. It fixes the problematic join queries using a “mixin” and adds tests. The previous queries could in some circumstance severally affect the database performance.

Label/patron card printing

Critical bugs fixed

• 37192 Can’t print label from the item editor
  

  This fixes a 500 error that occurs when attempting to print a label for an item in the staff interface (from the record details page > Edit > Edit items > Actions > Print label (for a specific item). The label batch editor now opens (as expected).

Lists

Other bugs fixed

• 37285 Printing lists only prints the ten first results

MARC Authority data support

Other bugs fixed

• 37226 Authority hierarchy tree broken when a child (narrower) term appears under more than one parent (greater) term

OPAC

Critical bugs fixed

• 37111 OPAC renewal – CSRF “op must be set”
  

  This fixes an error that occurs when patron’s attempt to renew items from their OPAC account (Your account > Summary). The error was related to the CSRF changes to improve the security for forms added Koha 24.05.

Other bugs fixed

• 36566 Correct ESLlint errors in OPAC enhanced content JS
  

  This fixes various ESLint errors in enhanced content JavaScript files:
  – Consistent indentation
  – Remove variables which are declared but not used
  – Add missing semicolons
  – Add missing “var” declarations

• 37324 Self registration complete login form won’t login user
  This fixes the login form after completing self registration in the OPAC – the prefilled login details now let you log in.

Patrons

Critical bugs fixed

• 34147 Patron search displays “processing” when category has library limitations that exclude the logged in library name
• 37378 Patron searches can fail when library groups are set to ‘Limit patron data access by group’
• 37523 CSRF error when modifying an existing patron recordSponsored by Athens County Public Libraries
• 37542 Patron search is incorrectly parsing entries as dates and fetching the wrong patron if dateofbirth in search fields

Other bugs fixed

• 36882 Flatpickr doesn’t work for repeatable date patron attributes in overdues
• 37435 Cannot renew patron from details page in patron account without circulate permissions
• 37489 Cannot delete patron image without uploading a file

Point of Sale

Other bugs fixed

• 36998 ‘Issue refund’ modal on cash register transactions page can mistakenly display amount from previously clicked on transaction
• 37563 Refund, payout, and discount modals in patron transactions and point of sale have broken/bad formatting of values

REST API

Other bugs fixed

• 29509 GET /patrons* routes permissions excessive

Reports

Critical bugs fixed

• 37093 403 Forbidden Error when attempting to search for Mana Reports
  

  This fixes searching for a report in Mana when creating a new report. Searching Mana was generating an error message “Your search could not be completed. Please try again later. 403 Forbidden”. (This is related to the CSRF changes added in Koha 24.05 to improve form security.)

Other bugs fixed

• 37077 SQL Reports – Picking only one option for each multiple selection results in wrong query
• 37382 Report download is empty except for headers if .tab format is selected
• 37763 ‘Update and run SQL’ appends the editor screen after the report resultsSponsored by Westlake Porter Public Library

Searching – Elasticsearch

Other bugs fixed

• 35792 Quiet warning: Use of uninitialized value $sub6
  

  This removes a warning message[1] that appears in the reindexing output when using Elasticsearch. The warning was generated if there was no value in 880$6 (880 = Alternate Graphic Representation, $6 = Linkage), but there were other 880 subfields with a value, for example 880$a.

  [1] Use of uninitialized value $sub6 in pattern match (m//) at /kohadevbox/koha/Koha/SearchEngine/Elasticsearch.pm line 619.

• 36879 Spurious warnings in QueryBuilder
  This fixes the cause of a warning message in the log files. Changing the sort order for search results in the staff interface (for example, from Relevance to Author (A-Z)) would generate an unnecessary warning message in plack-intranet-error.log: [WARN] Use of uninitialized value $f in hash element at /kohadevbox/koha/Koha/SearchEngine/Elasticsearch/QueryBuilder.pm line 72 5.

Serials

Critical bugs fixed

• 37873 Unable to delete user from routing list or preview/print routing list slip
  

  Fixes a regression that prevented recipients from being deleted from a routing list, as well as resolving issues with previewing routing lists.

  Sponsored by Westlake Porter Public Library

Other bugs fixed

• 37294 Generate next button in serials not working
  

  This fixes the ‘Generate next’ button when receiving serials so that it now works as expected. Before this fix, nothing happened when clicking the button. (This is related to the CSRF changes added in Koha 24.05 to improve form security.)

Staff interface

Critical bugs fixed

• 26866 Items table on additem should sort by cn_sort

Other bugs fixed

• 28762 Item status shows incorrectly on course-details.pl
• 31921 No confirmation alert when deleting a vendor
  

  This fixes deleting vendors in acquisitions. There is now a new confirmation pop-up dialogue box.

• 33453 Confirmation button for ‘Record cashup’ should be yellow
  This fixes the style of the “Confirm” button in the pop-up window when recording a cashup (Tools > Transaction history for > Record cashup). The button was changed from the default button style (with a white background) to the yellow primary action button.
• 33455 Heading on ‘update password’ page is too big
  This fixes the heading for the patron change password page in the staff interface (Patrons > search for a patron > Change password). It was previously part of the form area with the white background, when it should have been above it like other page headings.
• 36129 Check in “Hide all columns” doesn’t persist on item batch modification/deletion
  

  This fixes the item batch modification/deletion tool, so that if the “Hide all columns” checkbox is selected and then the page is reloaded, the checkbox is still shown as selected. Before this, the columns remained hidden as expected, but the checkbox wasn’t selected.

  Sponsored by Koha-Suomi Oy

• 37029 ‘About Koha’ button on staff side homepage seems out of place among application buttons
• 37425 Deletion of bibliographic record can cause search errors

System Administration

Critical bugs fixed

• 37419 Deleting the record source deletes the associated biblio_metadata rows

Other bugs fixed

• 36276 Cannot edit identity provider after creation
  

  This fixes the identity provider and domain forms so that the information is now editable (Administration > Additional parameters > Identity providers).

  Sponsored by Athens County Public Libraries

• 36907 OAI set mapping form field maxlength should match table column sizes
  

  This fixes the OIA set mappings form so that you can’t enter more characters than the maximum length for the input fields (Field (3), Subfield (1), and Value (80)). Previously, you could enter more characters – however, when you saved the form it generated an error.

• 37461 Typo in SMSSendAdditionalOptions description

Templates

Other bugs fixed

• 35235 Mismatched label on notice edit form
• 35236 Mismatched label on patron card batch edit form
  

  This fixes the “Batch description” label when editing a patron card batch (Tools > Patrons and circulation > Patron card creator > Manage > Card batches > Edit). When you click on the batch description label, the input field is now selected and you can enter the batch description. Before this, you had to click in the field to add the description.

• 36885 Missing tooltip on budget planning page
  This fixes the “Budget locked” tooltip for budget fund planning pages (Administration > Budgets > select a budget that is locked > Funds > Planning > any planning option). The tooltip was not styled correctly for fund names – it now has white text on a black background.
• 37030 Use template wrapper for breadcrumbs: Cash register stats
• 37496 Link to item details from holdings table links to all items
• 37643 Check for NaN instead of truthiness if calendar.inc accepts_time

Test Suite

Other bugs fixed

• 37302 xt/api.t should fail if swagger-cli is missing
  

  This fixes the tests in xt/api.t. It was skipping tests if swagger-cli was missing, which meant that some tests weren’t being run when they should be. The tests now fail if swagger-cli isn’t found.

  It also adds swagger-cli 4.0.4+ to the devDependancies section of package.json.

• 37607 t/cypress/integration/ERM/DataProviders_spec.ts fails
• 37620 Fix randomly failing tests for cypress/integration/InfiniteScrollSelect_spec.ts
• 37623 t/db_dependent/Letters.t tests fails to consider EmailFieldPrimary system preferenceSponsored by Pymble Ladies’ College

Tools

Critical bugs fixed

• 37612 Batch modifying patrons from patron lists broken by CSRF protection
  

  This fixes batch editing patrons from a patron list (Tools > Patrons and circulation > Patron lists > Actions > Batch edit patrons). When attempting to batch edit patrons, it didn’t load the page to batch edit the patrons, and displayed the message “No patron card numbers or borrowernumbers given.” (This is related to the CSRF changes added in Koha 24.05 to improve form security.)

  Sponsored by Chetco Community Public Library

• 37614 Printing patron cards from patron lists broken by CSRF protection
  

  This fixes printing patron cards from a patron list (Tools > Patrons and circulation > Patron lists > Actions > Print patron cards > Export). When clicking on Export, the progress icon keeps spinning and doesn’t finish – resulting in no PDF file to download. (This is related to the CSRF changes added in Koha 24.05 to improve form security.)

Other bugs fixed

• 37186 Cannot delete a rotating collection

Documentation

The Koha manual is maintained in Sphinx. The home page for Koha
documentation is

• Koha Documentation
  As of the date of these release notes, the Koha manual is available in the following languages:
• Chinese (Traditional) (78%)
• English (100%)
• English (USA)
• French (49%)
• German (39%)
• Greek (73%)
• Hindi (75%)

The Git repository for the Koha manual can be found at

• Koha Git Repository

Translations

Complete or near-complete translations of the OPAC and staff
interface are available in this release for the following languages:

Partial translations are available for various other languages.

The Koha team welcomes additional translations; please see

• Koha Translation Info

For information about translating Koha, and join the koha-translate
list to volunteer:

• Koha Translate List

The most up-to-date translations can be found at:

• Koha Translation

Release Team

The release team for Koha 24.05.04 is

• Release Manager: Katrin Fischer
• Release Manager assistants:
  • Tomás Cohen Arazi
  • Martin Renvoize
  • Jonathan Druart
• QA Manager: Martin Renvoize
• QA Team:
  • Marcel de Rooy
  • Kyle M Hall
  • Emily Lamancusa
  • Nick Clemens
  • Lucas Gass
  • Tomás Cohen Arazi
  • Julian Maurice
  • Victor Grousset
  • Aleisha Amohia
  • David Cook
  • Laura Escamilla
  • Jonathan Druart
  • Pedro Amorim
  • Matt Blenkinsop
  • Thomas Klausner
• Topic Experts:
  • UI Design — Owen Leonard
  • Zebra — Fridolin Somers
  • ERM — Matt Blenkinsop
  • ILL — Pedro Amorim
  • SIP2 — Matthias Meusburger
  • CAS — Matthias Meusburger
• Bug Wranglers:
  • Aleisha Amohia
  • Jacob O’Mara
• Packaging Managers:
  • Mason James
  • Tomás Cohen Arazi
• Documentation Manager: Philip Orr
• Documentation Team:
  • Aude Charillon
  • Caroline Cyr La Rose
  • Lucy Vaux-Harvey
  • Emmanuel Bétemps
  • Marie-Luce Laflamme
  • Kelly McElligott
  • Rasa Šatinskienė
  • Heather Hernandez
• Wiki curators:
  • Thomas Dukleth
  • George Williams
• Release Maintainers:
  • 24.05 — Lucas Gass
  • 23.11 — Fridolin Somers
  • 23.05 — Wainui Witika-Park
  • 22.11 — Fridolin Somers

Credits

We thank the following libraries, companies, and other institutions who are known to have sponsored
new features in Koha 24.05.04

We thank the following individuals who contributed patches to Koha 24.05.04

We thank the following libraries, companies, and other institutions who contributed
patches to Koha 24.05.04

We also especially thank the following individuals who tested patches
for Koha

We regret any omissions. If a contributor has been inadvertently missed,
please send a patch against these release notes to koha-devel@lists.koha-community.org.

Revision control notes

The Koha project uses Git for version control. The current development
version of Koha can be retrieved by checking out the main branch of:

• Koha Git Repository

The branch for this version of Koha and future bugfixes in this release
line is 24.05.x-security.

Bugs and feature requests

Bug reports and feature requests can be filed at the Koha bug
tracker at:

• Koha Bugzilla

He rau ringa e oti ai.
(Many hands finish the work)

Autogenerated release notes updated last on 02 Oct 2024 14:43:13.