evergreen:tags/rel_2_3_11

Last commit made on 2013-10-03
Get this branch:
git clone -b tags/rel_2_3_11 https://git.launchpad.net/evergreen

Branch merges

Branch information

Name:
tags/rel_2_3_11
Repository:
lp:evergreen

Recent commits

4483452... by Bill Erickson on 2013-10-03

Bumping version numbers, adding Upgrade Script and Changelog

Signed-off-by: Bill Erickson <email address hidden>

569a76a... by Bill Erickson on 2013-10-03

Bumping OpenILS VERSION to 2.0311

Signed-off-by: Bill Erickson <email address hidden>

fd5140e... by Bill Erickson on 2013-10-03

2.3.11 translations import

Signed-off-by: Bill Erickson <email address hidden>

a6e64bf... by Galen Charlton on 2013-09-26

LP#1207281: require SSL when downloading offline patron list

This patch builds on the previous one by forcing use of
SSL for downloading the offline patron list.

Signed-off-by: Galen Charlton <email address hidden>
Signed-off-by: Bill Erickson <email address hidden>

a97d5e0... by Michael Peters on 2013-09-24

LP#1207281 Prevent download of offline patron list without authentication

This patch addresses the vulnerability which allowed a user with the proper
knowledge of the location of offline patron lists to download the file over
regular HTTP without any staff credentials.

This small addition to eg_vhost.conf.in will present users with a login prompt
when trying to access the /standalone/ subdirectory on an Evergreen server.

Users are able to download the patron list in the staff client as normal
because they already have obtained credentials during the normal staff client
authentication process.

Signed-off-by: Michael Peters <email address hidden>
Signed-off-by: Galen Charlton <email address hidden>
Signed-off-by: Bill Erickson <email address hidden>

caa6587... by Ben Shum on 2012-10-12

LP#1066141: add authtoken check and related permission for age to lost function

The SET_CIRC_LOST permission is now required in order to invoke
the open-ils.circ.circulation.age_to_lost method.

Signed-off-by: Ben Shum <email address hidden>
Signed-off-by: Galen Charlton <email address hidden>
Signed-off-by: Bill Erickson <email address hidden>

e8d713d... by Jason Stephenson on 2013-01-30

Fix an omission in the log redaction configuration.

open-ils.actor.patron.password_reset.commit was omitted in the
<log_protect> block of opensrf_core.xml.example. This commit adds
it and updates the release notes for 2.3 to include it.

There is also a release notes file informing users that they need to
edit opensrf_core.xml to address this issue.

Signed-off-by: Jason Stephenson <email address hidden>
Signed-off-by: Galen Charlton <email address hidden>
Signed-off-by: Bill Erickson <email address hidden>

9f35cdf... by Pasi Kallinen on 2013-09-11

Fix delete items confirmation typo.

Signed-off-by: Pasi Kallinen <email address hidden>
Signed-off-by: Ben Shum <email address hidden>

c9029e1... by Lebbeous Fogle-Weekley <email address hidden> on 2013-09-05

Better handling of purchase_order being non-numeric

Signed-off-by: Lebbeous Fogle-Weekley <email address hidden>
Signed-off-by: Ben Shum <email address hidden>

40b54d0... by Bill Erickson on 2013-08-22

Action/Trigger load environment via stream

Load objects in the A/T environment via streaming response instead of
atomic, to avoid very large messages.

Signed-off-by: Bill Erickson <email address hidden>
Signed-off-by: Chris Sharp <email address hidden>