The Koha community are proud to release Koha version 3.20.14, this is a security release and anyone running 3.20.x is recommended to upgrade.
Please continue reading for the full release notes

RELEASE NOTES FOR KOHA 3.20.14

22 Aug 2016

Koha is the first free and open source software library automation package (ILS). Development is sponsored by libraries of varying types and sizes, volunteers, and support companies from around the world. The website for the Koha project is:

• Koha Community

Koha 3.20.14 can be downloaded from:

• Download

Installation instructions can be found at:

• Koha Wiki
• OR in the INSTALL files that come in the tarball

Koha 3.20.14 is a security release.

It includes 12 bugfixes.

Critical bugs fixed

Architecture, internals, and plumbing

• [16476] CGI->param(‘foo’) in list context allows XSS (e.g. Javascript injection) in Koha

Koha

• [16958] opac-imageviewer.pl is vulnerable to XSS
• [17022] branchtransfers.pl is vulnerable to XSS attacks
• [17023] z3950_search.pl are vulnerable to XSS attacks
• [17026] checkexpiration.pl is vulnerable to XSS attacks
• [17028] request.pl is vulnerable to XSS attacks
• [17029] *detail.pl are vulnerable to XSS attacks
• [17036] circulation.pl is vulnerable to XSS attacks
• [17038] search.pl is vulnerable to XSS attacks

OPAC

• [16593] Access Control – Malicious user can delete the search history of another user

Other bugs fixed

Koha

• [16587] Reflected XSS in [opac-]sendbasket and [opac-]sendshelf
• [16975] DSA-3628-1 perl — security update

System requirements

Important notes:

• Perl 5.10 is required
• Zebra is required

Documentation

The Koha manual is maintained in DocBook.The home page for Koha documentation is

• Koha Documentation

As of the date of these release notes, only the English version of the Koha manual is available:

• Koha Manual

The Git repository for the Koha manual can be found at

• Koha Git Repository

Translations

Complete or near-complete translations of the OPAC and staff interface are available in this release for the following languages:

• English (USA)
• Arabic (99%)
• Armenian (100%)
• Chinese (China) (98%)
• Chinese (Taiwan) (97%)
• Czech (98%)
• Danish (81%)
• English (New Zealand) (99%)
• Finnish (99%)
• French (94%)
• French (Canada) (94%)
• German (100%)
• German (Switzerland) (99%)
• Greek (85%)
• Italian (100%)
• Korean (62%)
• Kurdish (59%)
• Norwegian Bokmål (60%)
• Occitan (95%)
• Persian (68%)
• Polish (100%)
• Portuguese (100%)
• Portuguese (Brazil) (97%)
• Slovak (100%)
• Spanish (100%)
• Swedish (88%)
• Turkish (100%)
• Vietnamese (84%)

Partial translations are available for various other languages.

The Koha team welcomes additional translations; please see

• Koha Translation Info

for information about translating Koha, and join the koha-translate list to volunteer:

• Koha Translate List

The most up-to-date translations can be found at:

• Koha Translation

Release Team

The release team for Koha 3.20.14 is

• Release Manager: Tomás Cohen Arazi
• QA Manager: Katrin Fischer
• QA Team:
  • Kyle Hall
  • Jonathan Druart
  • Tomás Cohen Arazi
  • Marcel de Rooy
  • Nick Clemens
  • Jesse Weaver
• Bug Wranglers:
  • Amit Gupta
  • Magnus Enger
  • Mirko Tietgen
  • Indranil Das Gupta
  • Zeno Tajoli
  • Marc Véron
• Packaging Manager: Mirko Tietgen
• Documentation Manager: Nicole C. Engard
• Translation Manager: Bernardo Gonzalez Kriegel
• Wiki curators:
  • Brook
  • Thomas Dukleth
• Release Maintainers:
  • 16.05 — Frédéric Demians
  • 3.22 — Julian Maurice
  • 3.20 — Chris Cormack

Credits

We thank the following libraries who are known to have sponsored new features in Koha 3.20.14:

We thank the following individuals who contributed patches to Koha 3.20.14.

• Chris Cormack (7)
• Jonathan Druart (11)

We thank the following libraries, companies, and other institutions who contributed patches to Koha 3.20.14

• BigBallOfWax (3)
• bugs.koha-community.org (11)
• Catalyst (4)

We also especially thank the following individuals who tested patches for Koha.

• Brendan Gallagher (3)
• Chris Cormack (20)
• Frédéric Demians (3)
• Jonathan Druart (4)
• Katrin Fischer (9)
• Kyle M Hall (4)
• Marcel de Rooy (1)

We regret any omissions. If a contributor has been inadvertently missed, please send a patch against these release notes to koha-patches@lists.koha-community.org.

Revision control notes

The Koha project uses Git for version control. The current development version of Koha can be retrieved by checking out the master branch of:

• Koha Git Repository

The branch for this version of Koha and future bugfixes in this release line is 3.20.x. The last Koha release was 3.16.9, which was released on March 29, 2015.

Bugs and feature requests

Bug reports and feature requests can be filed at the Koha bug tracker at:

• Koha Bugzilla

He rau ringa e oti ai. (Many hands finish the work)

Autogenerated release notes updated last on 22 Aug 2016 23:02:40.