Koha 3.22.3 security release

The Koha community is proud to announce the release of Koha 3.22.3

The website for the Koha project is http://koha-community.org and Koha 3.22.3 can be downloaded from: http://download.koha-community.org/old_releases/koha-3.22.03.tar.gz

Installation instructions can be found at http://wiki.koha-community.org/wiki/Installation_Documentation or in the INSTALL files that come in the tarball

Koha 3.22.3 is a security release.

It includes 1 security fix, 4 enhancements and 57 bugfixes.

Table of contents

Security fixes in Koha 3.22.3

• sql injection in opac-shelves.pl (bug 15760)

Enhancements in Koha 3.22.3

Architecture, internals, and plumbing

• Remove get_branchinfos_of vestiges (bug 15628)

OPAC

• Better wording for error message when adding tags (bug 15574)

Patrons

• When adding messages in patron account, only first name is shown in pull down (bug 14406)

Staff Client

• Spelling mistake in ~/Koha/reserve/placerequest.pl:4: writen ==> written (bug 15638)

Critical bugs fixed in Koha 3.22.3

Architecture, internals, and plumbing

• Fresh install of Koha cannot find any dependencies (blocker – bug 15680)
• Syntax errors in misc/translator/xgettext.pl (critical – bug 15687)

Circulation

• Transfer impossible if barcode includes spaces (major – bug 12045)

Course reserves

• Editing a course item via a disabled course disables it even if it is on other enabled courses (major – bug 15530)

MARC Authority data support

• Remove_unused_authorities.pl will delete all authorities if zebra is not running (major – bug 15188)

Tools

• Performance issue running overdue_notices.pl (critical – bug 15240)
• Separate temporary storage per instance in Upload.pm (major – bug 14893)
• Fix encoding issues with quote upload (major – bug 15684)

Other bugs fixed in Koha 3.22.3

Acquisitions

• Spelling mistake in suggestion.pl (trivial – bug 15624)

Architecture, internals, and plumbing

• Remove Warning Subroutine HasOverdues redefined (normal – bug 15135)
• koha-remove does not remove log4perl.conf (normal – bug 15626)
• Fixing code so it passes basic Perl::Critic tests (minor – bug 6679)

Authentication

• Cgisess_ files polluting the /tmp directory (minor – bug 15553)

Circulation

• Checkout: Fix software error if barcode ‘0’ is given (normal – bug 14015)
• Do not display links to circulation.pl if remaining_permissions is not set (trivial – bug 15472)

Command-line Utilities

• <<items.content>> for advance_notices.pl wrongly documented (minor – bug 14624)

Documentation

• Add help pages for Rotating collections (normal – bug 13177)

Hold requests

• Deleting all items on a record with title level holds creates orphaned/ghost holds (normal – bug 15357)

I18N/L10N

• Translatability: Fix issues on check in page (minor – bug 15355)
• Translatability: Fix issues on OPAC page ‘Placing a hold’ (trivial – bug 15375)

Lists

• After editing private list, user should be redirect to private lists (normal – bug 4912)
• It’s possible to view lists/virtualshelves even when virtualshelves is off (normal – bug 6322)
• Listname not always displayed in shelves.pl (minor – bug 15476)

MARC Bibliographic data support

• C4::Koha routines expecting a MARC::Record object should check it is defined (normal – bug 15209)
• MARC21: Repeated 508 not correctly formatted (missing separator) (minor – bug 15444)

Notices

• Print notices generated in special case do not use print template (normal – bug 14133)

OPAC

• Link in OPAC redirects to the wrong page (normal – bug 15576)
• Warns in opac-search.pl (minor – bug 14555)
• MARC21: Display of $d for 7xx and 1xx fields should be optional (minor – bug 15100)
• Link in OPAC doesn’t redirect anywhere (minor – bug 15577)
• OPAC Lists “his” string fix (trivial – bug 15589)

Packaging

• koha-remove optionally includes var/lib and var/spool (normal – bug 9754)

Patrons

• Patron image disappears when on fines tab (normal – bug 15353)
• Warns when modifying patron (minor – bug 14480)
• Patron details should open in tab (minor – bug 15195)
• Spelling mistake in memberentry.pl (trivial – bug 15619)
• Spelling mistake in printinvoice (trivial – bug 15621)
• Spelling mistake in boraccount.pl (trivial – bug 15623)

Reports

• Radio Buttons where there should be checkboxes on Dictionary (normal – bug 2669)
• Add delete confirmation for deleting saved reports (normal – bug 15299)

Searching

• Search links on callnumbers with parentheses fails on OPAC results page (minor – bug 15468)
• Spelling mistake in MARC21slim2OPACDetail.xsl (trivial – bug 15608)
• Spelling mistake: paramter vs parameter (trivial – bug 15613)

Serials

• Warns in subscription-add.pl (minor – bug 14641)

Staff Client

• Typo in userpermissions.sql (minor – bug 11569)
• Spelling mistake in ~/Koha/koha-tmpl/intranet-tmpl/p./plugins/plugins-upload.tt (minor – bug 15592)
• Spelling mistake in :692: writen ==> written (minor – bug 15609)
• Spelling mistake: implimented (trivial – bug 15611)
• Spelling mistake in circ/pendingreserves.tt: Fullfilled (trivial – bug 15614)

Templates

• Typo in opac-auth-detail.tt (trivial – bug 15597)
• Typo in subscription-add.tt (trivial – bug 15598)

Test Suite

• HoldsQueue.t does not handle for loan itemtypes correctly (normal – bug 15391)

Tools

• Batch patron modification should not update with unique patron attributes (normal – bug 12636)
• Batch patron deletion/anonymization issue page: Restricted dropdown menu (normal – bug 15398)
• Improve messages in patron anonymizing tool (minor – bug 14810)

Web services

• Bad utf8 decode to unapi and fixing code status 200 (trivial – bug 15190)

Z39.50 / SRU / OpenSearch Servers

• Z39.50 admin setup, options column suggested changes (trivial – bug 15298)

System requirements

Important notes:

• Perl 5.10 is required
• Zebra is required

Documentation

The Koha manual is maintained in DocBook. The home page for Koha documentation is http://koha-community.org/documentation

As of the date of these release notes, only the English version of the Koha manual is available at http://manual.koha-community.org/3.22.3/en/

The Git repository for the Koha manual can be found at http://git.koha-community.org/gitweb/?p=kohadocs.git;a=summary

Translations

Complete or near-complete translations of the OPAC and staff interface are available in this release for the following languages:

• English (USA)
• Arabic (100%)
• Armenian (100%)
• Chinese (China) (97%)
• Chinese (Taiwan) (100%)
• Czech (98%)
• Danish (79%)
• English (New Zealand) (91%)
• Finnish (98%)
• French (90%)
• French (Canada) (90%)
• German (100%)
• German (Switzerland) (100%)
• Italian (100%)
• Korean (59%)
• Kurdish (56%)
• Norwegian BokmÃ¥l (64%)
• Persian (66%)
• Polish (94%)
• Portuguese (98%)
• Portuguese (Brazil) (98%)
• Slovak (100%)
• Spanish (100%)
• Swedish (85%)
• Turkish (100%)
• Vietnamese (81%)

Partial translations are available for various other languages.

The Koha team welcomes additional translations; please see http://wiki.koha-community.org/wiki/Translating_Koha

For information about translating Koha, and join the koha-translate list to volunteer

The most up-to-date translations can be found at http://translate.koha-community.org

Release Team

The release team for Koha 3.22.3 is

• Release Manager: Tomás Cohen Arazi
• QA Manager: Katrin Fischer
• QA Team:
  • Jonathan Druart
  • Brendan Gallagher
  • Kyle Hall
  • Paul Poulain
  • Martin Renvoize
  • Marcel de Rooy
• Bug Wranglers:
  • Amit Gupta
  • Indranil Das Gupta
  • Eivin Giske Skaaren
  • Zeno Tajoli
  • Mirko Tietgen
  • Marc Veron
• Packaging Manager: Robin Sheat
• Documentation Manager: Nicole C. Engard
• Translation Manager: Bernardo Gonzalez Kriegel
• Wiki curators:
  • Thomas Dukleth
  • Indranil Das Gupta
  • Brooke Johnson
• Release Maintainer (3.22.x): Julian Maurice
• Release Maintainer (3.20.x): Frédéric Demians
• Release Maintainer (3.18.x): Liz Rea

Credits

We thank the following libraries who are known to have sponsored new features in Koha 3.22.3:

• Regionbibliotek Halland / County library of Halland

We thank the following individuals who contributed patches to Koha 3.22.3:

• Blou (1)
• Briana (2)
• Natasha (2)
• Gus (6)
• Aleisha (9)
• Chloe (9)
• Alex Arnaud (1)
• Colin Campbell (1)
• Hector Castro (4)
• Marcel de Rooy (4)
• Jonathan Druart (21)
• Katrin Fischer (1)
• Mason James (3)
• Owen Leonard (1)
• Julian Maurice (4)
• Kyle M Hall (7)
• Winona Salesky (1)
• Martin Stenberg (1)
• Marc Véron (7)

We thank the following libraries, companies, and other institutions who contributed patches to Koha 3.22.3:

• ACPL (1)
• BSZ BW (1)
• BibLibre (6)
• ByWater-Solutions (7)
• KohaAloha (3)
• PTFS-Europe (1)
• Rijksmuseum (4)
• Solutions inLibro inc (1)
• bugs.koha-community.org (20)
• stacmail.net (6)
• unidentified (27)
• veron.ch (7)
• xinxidi.net (1)

We also especially thank the following individuals who tested patches for Koha 3.22.3:

• Aleisha (6)
• Briana (2)
• Chris (1)
• Chris Cormack (3)
• Hector Castro (14)
• Jacek Ablewicz (1)
• Jesse Weaver (2)
• Jonathan Druart (29)
• Julian Maurice (84)
• Katrin Fischer (17)
• Liz Rea (1)
• Magnus Enger (2)
• Marc Veron (1)
• Marc Véron (6)
• Margaret Holt (2)
• Mark Tompsett (8)
• Mirko Tietgen (4)
• Nick Clemens (1)
• Nicole Engard (2)
• Owen Leonard (11)
• Tomas Cohen Arazi (2)
• Brendan Gallagher brendan@bywatersolutions.com (7)
• Brendan A Gallagher (68)
• Kyle M Hall (37)
• Bernardo Gonzalez Kriegel (3)
• Marcel de Rooy (8)

We regret any omissions. If a contributor has been inadvertently missed, please send a patch against these release notes to koha-patches@lists.koha-community.org.

Revision control notes

The Koha project uses Git for version control. The current development version of Koha can be retrieved by checking out the master branch of git://git.koha-community.org/koha.git

The branch for this version of Koha and future bugfixes in this release line is 3.22.x.

The last Koha release was 3.22.2, which was released on January 27, 2016.

Bugs and feature requests

Bug reports and feature requests can be filed at the Koha bug tracker at http://bugs.koha-community.org

He rau ringa e oti ai. (Many hands finish the work)