OpenBiblio

File Release Notes and Changelog

Release Name: version 0.5.2

Notes:
OpenBiblio version 0.5.2 fixes a number of longstanding bugs
as well as several security issues.  ALL USERS ARE URGED TO
UPGRADE.  For more details, see the ChangeLog or the news
announcement.

IMPORTANT: There is an outstanding security issue in the
reports system that allows a staff member with report
privileges to execute arbitrary SQL commands on the database
server. This means that any staff member with report
privileges is equivalent to a staff member with all
privileges. This issue will be fixed in the next release
(hopefully within a few weeks), but until then, only grant
reports privileges to highly trusted staff.

Changes:
---- 0.5.2 ----
* Allow user-specified member classes with individual checkout privileges
* Show per-material type custom MARC fields on view/edit pages
* User-defined custom fields on member records
* Integrate new, more robust install/upgrade system
* Add some help files contributed by Hans van der Weij
* Fix short_open_tags bugs
* Allow days due back to have more than 2 digits
* Make holds expire after user-specified maximum days
* Add automatic barcode generation, thanks to Hans van der Weij
* Improve error detection and handling
* Add renewal functionality
* Fix a large number of escaping bugs
* Make author search look in field 700 as well as 100
* Fix MySQL 4.1+ password encryption incompatibility
* Use default currency symbols if none defined in locale
* Fix a number of interface spelling errors
* Make mbrid and bibid linking in report displays work for tables besides biblio and member
* Improve international address support by having a single, multiline address field
* Fix timeout errors by sending users to tab index after login
* Hack around system locale name differences for en and de locales
* Fix local file include vulnerabilities in shared/header.php and shared/help.php
* Fix join syntax for newer MySQL compatibility
* Fix bug 1082970
* Import Selenium functional tests