Koha 3.14.16 released

Posted on Posted in 3.14, release Tagged with ,

Koha 3.14.16 can be downloaded from: http://download.koha-community.org/koha-3.14.16.tar.gz

Installation instructions can be found at http://wiki.koha-community.org/wiki/Installation_Documentation or in the INSTALL files that come in the tarball

Koha 3.14.16 is a security release.

Table of contents

Security bugfixes in Koha 3.14.16

Authentication

  • Questionable logic regarding session handling in C4::Auth::checkauth() (major – bug 12954)

Lists

  • Stored XSS flaw affects OPAC and Staff interface (major – bug 14416)

OPAC

  • SQL Injection in OPAC Interface (critical – bug 14412)
  • XSS Injection point (major – bug 14360)
  • XSS Flaws in OPAC Interface (major – bug 14418)

Staff Client

  • Path traversal vulnerabilty (critical – bug 14408)
  • SQL Injection in Staff Client (critical – bug 14426)
  • Multiple XSS and XSRF issues in Staff Client (major – bug 14423)

Other bugs fixed in Koha 3.14.16

Authentication

  • Auth.pm code issues (trivial – bug 13521)

New system preferences in Koha 3.14.16

System requirements

Important notes:

  • Perl 5.10 is required
  • Zebra is required

Documentation

The Koha manual is maintained in DocBook. The home page for Koha documentation is http://koha-community.org/documentation

As of the date of these release notes, only the English version of the Koha manual is available at http://manual.koha-community.org/3.14.16/en/

The Git repository for the Koha manual can be found at http://git.koha-community.org/gitweb/?p=kohadocs.git;a=summary

Translations

Complete or near-complete translations of the OPAC and staff interface are available in this release for the following languages:

  • English (USA)
  • Arabic (99%)
  • Armenian (100%)
  • Czech (100%)
  • Danish (88%)
  • French (97%)
  • German (100%)
  • Greek (51%)
  • Italian (100%)
  • Kurdish (70%)
  • Polish (62%)
  • Portuguese (100%)
  • Slovak (100%)
  • Spanish (100%)
  • Swedish (89%)
  • Turkish (100%)
  • Vietnamese (99%)

Partial translations are available for various other languages.

The Koha team welcomes additional translations; please see http://wiki.koha-community.org/wiki/Translating_Koha

For information about translating Koha, and join the koha-translate list to volunteer

The most up-to-date translations can be found at http://translate.koha-community.org

Release Team

The release team for Koha 3.14.16 is

Release Manager: Galen Charlton <gmc@esilibrary.com>

Documentation Manager: Nicole C Engard <nengard@gmail.com>
Installation Documentation Managers:

  • Samuel Desseaux <samuel.desseaux@ecp.fr>
  • Mason James <mtj@kohaaloha.com>

Translation Manager: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

QA Manager: Katrin Fischer <Katrin.Fischer@bsz-bw.de>
QA Team:

  • Chris Cormack <chrisc@catalyst.net.nz>
  • Marcel de Rooy <M.de.Rooy@rijksmuseum.nl>
  • Jonathan Druart <jonathan.druart@biblibre.com>
  • Brendan Gallagher <brendan@bywatersolutions.com>
  • Kyle Hall <kyle@bywatersolutions.com>
  • Mason James <mtj@kohaaloha.com>
  • Paul Poulain <paul.poulain@biblibre.com>

Bug Wranglers: Magnus Enger <magnus@enger.priv.no>

Packaging Manager: Robin Sheat <robin@catalyst.net.nz>
Live CD Manager: Nguyen Quoc Uy <nguyenquocuy_1102@yahoo.com>
VM Manager: Samuel Desseaux <samuel.desseaux@ecp.fr>

Release Maintainer (3.14.x): Fridolin Somers <fridolin.somers@biblibre.com>
Release Maintainer (3.16.x): Galen Charlton <gmc@esilibrary.com>
Release Maintainer (3.18.x): Chris Cormack <chrisc@catalyst.net.nz>

Credits

We thank the following libraries who are known to have sponsored new features in Koha 3.14.16:

We thank the following individuals who contributed patches to Koha 3.14.16:

  • Aleisha (2)
  • Chris (7)
  • Chris Cormack (4)
  • Jonathan Druart (7)
  • Mason James (1)
  • Martin Renvoize (2)
  • Fridolin Somers (5)

We thank the following libraries, companies, and other institutions who contributed patches to Koha 3.14.16:

  • BibLibre (5)
  • BigBallOfWax (7)
  • Catalyst (4)
  • KohaAloha (1)
  • PTFS-Europe (2)
  • koha-community.org (7)
  • unidentified (2)

We also especially thank the following individuals who tested patches for Koha 3.14.16:

  • Chris Cormack (21)
  • Fridolin Somers (20)
  • Jonathan Druart (18)
  • Katrin Fischer (20)
  • Mason James (5)
  • Tomas Cohen Arazi (11)
  • Kyle M Hall (4)

We regret any omissions. If a contributor has been inadvertently missed, please send a patch against these release notes to koha-patches@lists.koha-community.org.

Revision control notes

The Koha project uses Git for version control. The current development version of Koha can be retrieved by checking out the master branch of git://git.koha-community.org/koha.git

The branch for this version of Koha and future bugfixes in this release line is 3.14.x.

Bugs and feature requests

Bug reports and feature requests can be filed at the Koha bug tracker at http://bugs.koha-community.org

He rau ringa e oti ai. (Many hands finish the work)

##### Autogenerated release notes updated last on 23 juin 2015 16:09:13 Z #####