Koha 17.05.03 security patch

August 30, 2017

The Koha community has just released security patch 17.05.03. This patch focuses on improving the security of the system.

Security bugs fixed

  • [19035] Stored XSS in patron lists – lists.pl
  • [19114] Stored XSS in parcels.pl
  • [19112] Stored XSS in basketheader.pl page
  • [19110] XSS Stored in branches.pl
  • [19100] XSS Flaws in memberentry.pl
  • [19105] XSS Stored in holidays.pl
  • [16069] XSS issue in basket.pl
  • [19079] XSS Flaws in Membership page
  • [19033] XSS Flaws in Currencies and exchange page
  • [19034] XSS Flaws in – Cities – Z39.50/SRU servers administration – Patron categories pages
  • [19050] XSS Flaws in Quick spine label creator
  • [19051] XSS Flaws in – Batch record deletion page – Batch item deletion page – Batch item modification page
  • [19052] XSS Flaws in – vendor search page – Invoice search page
  • [19054] XSS Flaws in Report – Top Most-circulated items
  • [19078] XSS Flaws in System preferences
  • [18726] OPAC XSS – biblionumber

Enhancements

Acquisitions

  • [18839] suggestion.pl: ‘unknown’ is spelled ‘unkown’

Architecture, internals, and plumbing

  • [18361] Koha::Objects->find should accept composite primary keys
  • [18539] Forbid Koha::Objects->find calls in list context

Critical bugs fixed

Patrons

  • [18987] When browsing for a patron by last name the page processes indefinitely

Other bugs fixed

Architecture, internals, and plumbing

  • [18605] Remove TRUNCATE from C4/HoldsQueue.pm

I18N/L10N

  • [18367] Fix untranslatable string from Bug 18264

OPAC

  • [18545] Remove use of onclick from OPAC Cart

Patrons

  • [18832] Missing space between icon and label in button ‘Patron lists’

System Administration

  • [18965] branch transfer limits pagination save bug

Templates

  • [19000] about page – Typo in closing p tag

Test Suite

  • [18951] Some t/Biblio tests are database dependent
  • [18976] Fix t/db_dependent/Auth.t cleanup
  • [18977] Rollback branch in t/db_dependent/SIP/Message.t
  • [18982] selenium tests needs too many prerequisites
  • [18991] Fix cleanup in t/db_dependent/Log.t

Tools

  • [18918] Exporting bibs in CSV when you have no CSV profiles created causes error