[OPEN-ILS-GENERAL] Security releases: Evergreen 2.12.12 and Evergreen 3.0.6

Galen Charlton gmc at equinoxinitiative.org
Wed Mar 28 15:17:26 EDT 2018


Hi,

Evergreen 2.12.12 and Evergreen 3.0.6 are now available. These are
security releases; the Evergreen developers strongly urge users to
upgrade as soon as possible.

These releases fix several cross-site scripting (XSS)
vulnerabilities in the public catalog. When upgrading, Evergreen
administrators should review whether any of the following templates
have been customized or overridden. If so, either the template should
be replaced with the stock version or the XSS fix (which entails
adding the | html filter in several places) applied to the customized
version.

* Open-ILS/src/templates/opac/parts/record/contents.tt2
* Open-ILS/src/templates/opac/parts/record/copy_counts.tt2
* Open-ILS/src/templates/opac/parts/record/issues-mfhd.tt2

Evergreen 3.0.6 also includes several changes improving on Evergreen 3.0.5:

* When using ‘Selection Lists -> Edit MARC Order Record’ in the web
staff client, now only one click is required to save the MARC record
rather than two.
* The volume/copy editor in the web staff client now better handles
editing multiple items that have different sets of statistical
category values assigned to them.
* The act of merging bibliographic records now updates bookbags that
referred to the source bibliographic record rather than effectively
deleting entries for that record.
* Additional columns were added to the Holds Pull List in the web staff client.
* The patron registration form in the web staff client now correctly
manages setting user preferences.
* An error in a pgTAP unit test was corrected.

Please visit the Evergreen download page
<https://evergreen-ils.org/egdownloads/> to retrieve the latest
releases and consult the release notes.

Regards,

Galen
-- 
Galen Charlton
Infrastructure and Added Services Manager
Equinox Open Library Initiative
phone:  1-877-OPEN-ILS (673-6457)
email:  gmc at equinoxInitiative.org
web:  https://equinoxInitiative.org
direct: +1 770-709-5581
cell:   +1 404-984-4366
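
For the template review the message asks for, an added example (not part of the original post and not Evergreen project code): a Python check that looks under a local template override directory for the three listed templates and reports output directives that carry no `| html` filter. The override root is whatever directory your site uses, the paths are taken relative to the `templates` directory in the listed names, the sample template and its variable names are constructed, and the directive matching is a heuristic to guide manual review, not a Template Toolkit parser.

```python
import re
import sys
from pathlib import Path

# Templates named in the announcement, relative to a template root.
AFFECTED = tuple(f"opac/parts/record/{name}.tt2"
                 for name in ("contents", "copy_counts", "issues-mfhd"))
# A Template Toolkit directive, with optional chomp flags inside the tags.
DIRECTIVE = re.compile(r"\[%[-+=~]?(.*?)[-+=~]?%\]", re.S)
# Directives opening with a TT2 keyword are control flow, not bare output.
KEYWORD = re.compile(
    r"(IF|ELSIF|ELSE|UNLESS|END|FOR|FOREACH|WHILE|SET|DEFAULT|BLOCK|INCLUDE|"
    r"PROCESS|WRAPPER|USE|MACRO|CALL|NEXT|LAST|RETURN|STOP|SWITCH|CASE|"
    r"FILTER|TRY|CATCH|THROW|FINAL|INSERT|META|TAGS|CLEAR|PERL|RAWPERL)\b")
ASSIGNMENT = re.compile(r"[\w.$]+\s*=(?!=)")
HTML_FILTER = re.compile(r"\|\s*html\b|\bFILTER\s+html\b")

# Constructed sample; the variable names are invented, not Evergreen's.
SAMPLE = """[% IF note.text %]
<div>[% note.text %]</div>
<div>[% note.label | html %]</div>
[% END %]
"""

def unfiltered_outputs(text):
    """Return (line, directive) for each output directive lacking '| html'."""
    hits = []
    for m in DIRECTIVE.finditer(text):
        body = m.group(1).strip()
        # Heuristic: a directive is judged by how its first statement starts.
        skip = not body or body[0] == "#" or KEYWORD.match(body) or ASSIGNMENT.match(body)
        if not skip and not HTML_FILTER.search(body):
            hits.append((text.count("\n", 0, m.start()) + 1, body))
    return hits

def review_overrides(override_root):
    """Map each affected template present under override_root to its findings."""
    report = {}
    for rel in AFFECTED:
        path = Path(override_root) / rel
        if path.is_file():
            report[rel] = unfiltered_outputs(path.read_text(encoding="utf-8"))
    return report

if __name__ == "__main__":  # usage: python3 this_script.py <override template root>
    for name, hits in review_overrides(sys.argv[1] if sys.argv[1:] else ".").items():
        for line, body in hits:
            print(f"{name}:{line}: [% {body} %] has no '| html' filter")
```

A template that appears in the report with no findings is still an override: compare it against the stock version from the new release before keeping it.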

