Hello Wainui Witika-Park

CC Bugs 155

Needs documenting 7

• 37255 + Creating default waiting hold cancellation policy for all patron categories and itemtypes breaks Koha
• 37536 + Cataloging add item js needs to update conditional that checks op
• 36863 - CSRF Plack middleware doesn't handle the CONNECT HTTP method
• 37074 - Comment approval and un-approval should be CSRF-protected
• 37071 - Purchase suggestions from the patron account are not redirecting to the suggestion form
• 10758 + Show bibliographic information of deleted records in acquisition baskets
• 31611 + More visibly highlight records that cannot be batch deleted/modified 🎓

Pushed to stable 14

• 36943 - Update .mailmap for 24.05.x release
• 37247 + On subscriptions operation allowed without authentication
• 37018 - SQL injection using q under api/
• 31988 - manager.pl is only user for "Catalog by item type" report
• 26176 - AutoLocation is badly named 👑
• 36187 + Cannot set suggestedby when adding/editing a suggestion from the staff interface
• 37210 + SQL injection in overdue.pl
• 35942 + OPAC user can enroll several times to the same club
• 36382 + XSS in showLastPatron dropdown
• 34263 - Suspending holds consecutively populates previously used date falsely
• 36785 + Tagging: Resolve warning about unrecognized biblionumber
• 24424 + Advanced editor - interface hangs as "Loading" when given an invalid bib number
• 36565 + Fix API docs inconsistencies
• 36503 + Add a plugin hook to modify patrons after authentication

Pushed to oldstable 67

• 37183 + Serials batch edit changes the expiration date to TODAY
• 36986 + (Bug 26176 follow-up) Fix rename StaffLoginBranchBasedOnIP in DBRev
• 37378 + Patron searches can fail when library groups are set to 'Limit patron data access by group'
• 28664 + One should not be able to issue a refund against a VOID accountline
• 36424 - Database update 23.06.00.061 breaks due to syntax error
• 29087 + Holds to pull list can crash with a SQL::Abstract puke
• 37288 + Edit data provider form does not show the name
• 37351 + Checkboxes on waiting holds report are not kept when switching to another page
• 35989 + Searching Geographic authorities generates error
• 33237 + If TranslateNotices is off, use the default language includes in slips
• 37014 + "Item was not checked in" printed on next POST because of missing supplementary form
• 37607 - t/cypress/integration/ERM/DataProviders_spec.ts fails
• 37552 + Automatic renewals cronjob can die when an item scheduled for renewal is checked in
• 37337 + Submitting a similar suggestion results in a blank page
• 37411 + Exporting budget planning gives 500 error
• 36998 + 'Issue refund' modal on cash register transactions page can mistakenly display amount from previously clicked on transaction
• 36196 + Handling NULL data in ajax calls for cities
• 33455 + Heading on 'update password' page is too big 🎓
• 37435 + Cannot renew patron from details page in patron account without circulate permissions
• 36129 + Check in "Hide all columns" doesn't persist on item batch modification/deletion
• 36566 + Correct ESLlint errors in OPAC enhanced content JS
• 37425 + Deletion of bibliographic record can cause search errors
• 29509 + GET /patrons* routes permissions excessive
• 37226 + Authority hierarchy tree broken when a child (narrower) term appears under more than one parent (greater) term
• 36741 + AUTO_RENEWALS_DGST should skip auto_too_soon
• 29539 + UNIMARC: authority number in $9 displays for thesaurus controlled fields instead of content of $a
• 37157 - Error 500 when loading identity provider list
• 37016 - SIP2 renew shows old/wrong date due
• 37345 + Remember for session checkbox on checkout page not sticking
• 36527 + Patron category or item type not changing when editing another circulation rule
• 36982 + Collections facet does not get alphabetized based on collection descriptions
• 37163 - Fix the redirect after deleting a tag from an authority framework to load the right page
• 33563 - Document Elasticsearch secure mode
• 36999 - 00-strict.t fails to find koha_perl_deps.pl
• 37021 + REST API: Holds endpoint handles item_id as string in GET call
• 37037 + touch_all_biblios.pl triggers rebuilding holds for all affected records when RealTimeHoldsQueue is enabled
• 36532 + Any authenticated OPAC user can run opac-dismiss-message.pl for any user/any message
• 34718 - Input field in fund list (Select2) on receive is inactive
• 37026 + Switching tabs in the sco_main page ( Checkouts, Holds, Charges ) creates a JS error
• 35869 + Dismissing an OPAC message from SCO logs the user out
• 36948 - Adjust SIPconfig for log_file and IP version
• 36983 + B_address_2 field is required even when not set to be required
• 36459 + Backdating checkouts on circ/circulation.pl not working properly
• 37043 + Counter registry has a new API base URL
• 36938 + Biblio.t generates warnings
• 34838 + The ILL module and tests generate warnings
• 36679 + Anonymous patron is not blocked from checkout via self check
• 35904 + C4::Auth::checkauth cannot be tested easily
• 36176 + [23.11 and below] We need tests to check for 'cud-' operations in stable branches (pre-24.05)
• 37254 + Dropdown values not cleared after pressing clear in circulation rules
• 37030 + Use template wrapper for breadcrumbs: Cash register stats
• 35235 + Mismatched label on notice edit form 🎓
• 33453 + Confirmation button for 'Record cashup' should be yellow 🎓
• 35236 - Mismatched label on patron card batch edit form 🎓
• 36362 + Only call Koha::Libraries->search() if necessary in Item::pickup_locations
• 36128 + Use of uninitialized value in string eq at /usr/share/koha/lib/C4/Overdues.pm
• 30372 - Patron self registration: Extended patron attributes are emptied on submit when mandatory field isn't filled in
• 32313 - Complete database column descriptions for cataloguing module in guided reports 🎓
• 34077 + writeoff_debts without --confirm doesn't show which accountline records it would have been written off
• 37400 + On checkin don't search for a patron unless needed
• 36885 + Missing tooltip on budget planning page
• 34706 + Capitalization: Cas login 🎓
• 37036 + Cannot access template toolkit branch variable in auto renewal notices
• 25520 + Change wording on SMS phone number set up 🎓
• 36338 + Capitalization: Card number or Userid may already exist. 🎓
• 34573 + Inconsistencies in acquisitions modify vendor title tag
• 36141 - Add classes to CAS text on OPAC login page

Pushed to oldoldstable 21

• 37655 + XSS vulnerability in basic editor handling of title
• 37654 + XSS in batch record import for the citation column
• 37720 + XSS (and bustage) in label creator
• 37656 + XSS in Advanced editor for Z39.50 search results
• 34444 + Statistic 1/2 not saving when updating fund after receipt
• 13342 + Not logged in user can place a review/comment as a deleted patron
• 36891 - Restore returning 404 from svc/bib when the bib number doesn't exist
• 25387 - Merging different authority types creates no warning
• 37003 + Release team 24.11 👑
• 36816 + OPAC - Patron 'submit update request' does not work for clearing patron attribute types
• 22042 - BlockReturnofWithdrawn Items does not block refund generation when item is withdrawn and lost
• 37285 + Printing lists only prints the ten first results
• 37044 - OPAC message from SCO missing library branch
• 30493 + Pending archived suggestions appear on staff interface home page
• 36937 + api/v1/password_validation.t generates warnings
• 30715 + Terminology: Logs should use staff interface and not intranet for the interface 🎓
• 36879 + Spurious warnings in QueryBuilder
• 37198 - POD for GetPreparedLetter doesn't include 'objects'
• 35294 - Typo in comment in C4 circulation: barocode
• 36930 + Item search gives irrelevant results when using 2+ added filter criteria 👑
• 36940 + Resolve two Auth warnings when AutoLocation is enabled having a branch without branchip

Pushed to oldoldoldstable 35

• 34893 + ILS-DI can return the wrong patron for AuthenticatePatron
• 36244 - Template toolkit syntax not escaped in letter templates
• 19169 - Add a test to detect unneeded 'atomicupdate' files
• 29543 - Self-checkout allows returning everybody's loans
• 29914 - check_cookie_auth not strict enough
• 29540 - Accounts with just 'catalogue' permission can modify/delete holds
• 29541 + Patron images can be accessed with just 'catalogue' permission
• 29956 + Cookie can contain plain text password
• 28735 - Self-checkout users can access opac-user.pl for sco user when not using AutoSelfCheckID
• 30045 + SCO print slip is broken
• 28523 + Patrons with the most checkouts (bor_issues_top.pl) is failing with MySQL 8
• 28524 + Most-circulated items (cat_issues_top.pl) is failing with MySQL 8
• 28586 + Cannot resolve a claim
• 24879 - Add missing authentication checks
• 29931 - Script plugins-enable.pl should check the cookie status before running plugins
• 29544 + A patron can set everybody's checkout notes
• 36149 + userenv stored in plack worker's memory and survive from one request to another
• 28487 - Overdue_notices does not fall back to default language
• 36511 - Some scripts missing a dependency following Bug 24879
• 28960 - EDI transfer_items uses a relationship where it's looking for a field
• 28462 - TT tag on several lines break the translator tool
• 28675 + QOTD broken in 20.11 and below
• 23653 + Plack fails when http://swagger.io/v2/schema.json is unavailable and schema cache missing
• 36322 + Can run docs/**/*.pl from the UI
• 35960 - XSS in staff login form
• 29542 - User with 'catalogue' permission can view everybody's (private) virtualshelves
• 29903 - Message deletion possible from different branch
• 19613 - Scrub borrowers fields: borrowernotes opacnote
• 28926 + Update cpanfile for Mojolicious::Plugin::OpenAPI v2.16
• 29300 + Release team 22.05
• 28802 + Untranslatable strings in browser.js
• 28409 - Category should be validated in opac-shelves.pl
• 28904 - Update information on Newsletter editor on about page
• 28644 + Can't call method "borrowernumber" on an undefined value at C4/Reserves.pm line 607
• 36328 - C4::Scrubber should allow more HTML tags

Pushed to main 3

• 36375 + Inconsistencies in ContentWarningField display
• 27490 + Rename system preference language to StaffInterfaceLanguages
• 32218 + Rephrase: Allow OPAC access to users from this domain to login with this identity provider. 🎓

Needs QA 1

• 37463 - Include cover images from Amazon on staff interface check out screen for specific patron categories

Needs signoff 1

• 25193 + Add syspref to control location for use of AllowRenewalIfOtherItemsAvailable

Failed QA 1

• 37641 - Add syspref to make claim returned note mandatory

Assigned 1

• 28141 - Accessibility: OPAC Advanced Search fields aren't labelled

New 4

• 37735 - Enrolling in a club does not record the library from which the patron was enrolled [23.05.x]
• 34776 - Patron messaging preferences are lost when an error occurs during new account creation
• 34941 - Patron search to find patrons with hyphens when they haven't been added in the search
• 32469 - Keyboard shortcuts no longer work in details.pl