1 = Evergreen 3.10 Release Notes =
8 This release contains bug fixes improving on Evergreen 3.10.1. This release also includes
9 fixes for three security bugs.
14 * https://bugs.launchpad.net/evergreen/+bug/1972738[Bug 1972738] requires a schema update
15 * https://bugs.launchpad.net/evergreen/+bug/1920826[Bug 1920826] requires a schema update
16 * https://bugs.launchpad.net/evergreen/+bug/2009073[Bug 2009073] requires a schema update. Sites that have customized styles for the `oils_SH` CSS class should review their changes upon upgrade.
18 === Security Fixes ===
20 ==== Fix SQL Injection Vulnerability ====
22 An SQL injection vulnerability related to the implementation of
23 search term highlights is now closed.
25 This is https://bugs.launchpad.net/evergreen/+bug/2004055[Bug 2004055].
27 ==== Malicious Search Protection ====
29 Evergreen sometimes sees some "novel" query strings in the wild that
30 cause the search backend to time out or worse. These are sometimes
31 malicious and sometimes accidental, but the effect on users is the
34 The changes here improve query compilation in several respects in order
35 to reduce the chances of an overly complex query causing problems for
38 More work is done up front to simplify and combine parts of the
39 resulting SQL, allowing more work to be done closer to the data.
40 This change allows Evergreen to handle many more tested or chained
41 boolean expressions, and negated terms are now handled directly in
42 line with other adjacent terms. Phrases (exact matches) are now
43 searched for using Postgres' adjacency tsearch operator.
45 All of these changes work together to improve performance by getting
46 more search work done in fewer database operations while protecting
47 against certain query constructs that have caused problems in the
50 This is https://bugs.launchpad.net/evergreen/+bug/1775958[Bug 1775958].
52 ==== Restrict login redirect ====
54 As a security best-practice, Evergreen should not allow arbitrary
55 redirection on successful login, but instead limit redirection to
56 local links or configured domains and schemes.
58 This feature is controlled by a new global flag called *opac.login_redirect_domains*
59 which must contain a comma-separated list of domains. All hostnames
60 under each domain is allowed for redirect, and the scheme of the
61 redirect URL must be one of http, https, ftp, or ftps.
63 This is https://bugs.launchpad.net/evergreen/+bug/1908576[Bug 1908576].
67 ==== Accessibility ====
69 * Fixes duplicate ID in staff catalog bib actions (https://bugs.launchpad.net/evergreen/+bug/2016341[Bug 2016341])
70 * Adds empty alt attributes for images and icons that already have equivalent text representation (https://bugs.launchpad.net/evergreen/+bug/2018208[Bug 2018208])
71 * Adds labeling to captcha math problem in OPAC (https://bugs.launchpad.net/evergreen/+bug/2015141[Bug 2015141])
72 * Fixes tab order in adminitration splash pages (https://bugs.launchpad.net/evergreen/+bug/2015137)
73 * Fixes default modal background color (https://bugs.launchpad.net/evergreen/+bug/2008918[Bug 2008918])
74 * Adds aria-label to staff catalog search +/- buttons (https://bugs.launchpad.net/evergreen/+bug/2002363[Bug 2002363])
75 * Adds H1 headings to staff pages (https://bugs.launchpad.net/evergreen/+bug/1994711[Bug 1994711])
76 * Fixes headings hierarchy and source order on staff catalog search results (https://bugs.launchpad.net/evergreen/+bug/2009865[Bug 2009865])
77 * Fixes highlight contrast & semantic markup in staff catalog & Bootstrap OPAC search results (https://bugs.launchpad.net/evergreen/+bug/2009073[Bug 2009073])
78 * Adds ARIA landmarks and roles for various Angular staff interfaces
79 (https://bugs.launchpad.net/evergreen/+bug/1615707[Bug 1615707])
80 * Fixes color contrast in staff search results pagination (https://bugs.launchpad.net/evergreen/+bug/2018326[Bug 2018326])
81 * Adds accessible names to purchase order checkboxes (https://bugs.launchpad.net/evergreen/+bug/2009092[Bug 2009092])
83 ==== Acquisitions ====
85 * Fixes line item ID link in Acq Search so the PO opens and then jumps to the correct line item (https://bugs.launchpad.net/evergreen/+bug/2003946[Bug 2003946])
87 ==== Administration ====
89 * Deduplicates entries in ils_events.xml (https://bugs.launchpad.net/evergreen/+bug/1369345[Bug 1369345])
90 * Encourages distinct results when querying ahopl IDL source (https://bugs.launchpad.net/evergreen/+bug/1964986[Bug 1964986])
91 * Restores missing database updates for version-upgrade from 3.5.1 to 3.6.0 (https://bugs.launchpad.net/evergreen/+bug/1920826[Bug 1920826])
92 * Improved error handling by open-ils.pcrud (https://bugs.launchpad.net/evergreen/+bug/1808016[Bug 1808016])
96 * Adds consistency to SMS Carrier dropdown display (https://bugs.launchpad.net/evergreen/+bug/1889916[Bug 1889916])
100 * Ensures authority linker is working in all embedded MARC editors (https://bugs.launchpad.net/evergreen/+bug/1716479[Bug 1716479])
102 ==== Circulation ====
104 * Adds a note to the Mark Patron Email Invalid function (https://bugs.launchpad.net/evergreen/+bug/1752334[Bug 1752334])
105 * Treats empty string as null for preferred name field (https://bugs.launchpad.net/evergreen/+bug/1996651[Bug 1996651])
106 * Fixes incorrect total circs in Item Status Detail View (https://bugs.launchpad.net/evergreen/+bug/2018534[Bug 2018534])
107 * Removes irrelevant actions from Hold Shelf actions menu (https://bugs.launchpad.net/evergreen/+bug/2004052[Bug 2004052])
108 * Removes patron information from the 'Check Out Staff' field in Item Status Circ History list (https://bugs.launchpad.net/evergreen/+bug/2001728[Bug 2001728])
109 * Fixes a caching issue that occasionally caused incorrect holds addresses to print on transit slips (https://bugs.launchpad.net/evergreen/+bug/1778567[Bug 1778567])
113 * Adds index to speed up display of the Hopeless Holds interface in large systems (https://bugs.launchpad.net/evergreen/+bug/1972738[Bug 1972738])
114 * Adds validator to Survey Date so surveys can not be created with an end date before their start date (https://bugs.launchpad.net/evergreen/+bug/1879517[Bug 1879517])
115 * Quiets extraneous console noise in some AngularJS grids (https://bugs.launchpad.net/evergreen/+bug/2013223[Bug 2013223])
116 * Restores correct link to AngularJS Patron Requests interface (https://bugs.launchpad.net/evergreen/+bug/2019150[Bug 2019150])
117 * Fixes Angular multi-select component to add a special case for shelving locations (https://bugs.launchpad.net/evergreen/+bug/1863387[Bug 1863387])
119 ==== Course Materials ====
121 * Fixes circ modifier column in Course Materials grid (https://bugs.launchpad.net/evergreen/+bug/1972917[Bug 1972917])
123 ==== Documentation ====
125 * Fixes to Server Installation documentation
126 * Updates to Record Buckets documentation (https://bugs.launchpad.net/evergreen/+bug/1845253[Bug 1845253])
127 * Updates to Fonts & Sound Settings documentation
128 * Adds documentation for OpenAthens (https://bugs.launchpad.net/evergreen/+bug/1998921[Bug 1998921])
132 * Fixes button styling in Boostrap OPAC (https://bugs.launchpad.net/evergreen/+bug/1981774[Bug 1981774])
133 * Adjusts functionality of "Where" button in OPAC (https://bugs.launchpad.net/evergreen/+bug/1970476[Bug 1970476])
134 * Fixes Google Books preview when loading from search results page (https://bugs.launchpad.net/evergreen/+bug/1791791(Bug 1791791)
135 * Fixes label alignment in MyAccount Circ History (https://bugs.launchpad.net/evergreen/+bug/2015481[Bug 2015484])
138 ==== Miscellaneous ====
140 * Adds fixes to AngularJS test suite (https://bugs.launchpad.net/evergreen/+bug/1915326[Bug 1915326])
144 === Acknowledgements ===
146 We would like to thank the following individuals who contributed code, testing, and documentation to the 3.10.2 point release of Evergreen:
156 * Blake Graham-Henderson
165 * Andrea Buntz Neiman
179 == Evergreen 3.10.1 ==
181 This release contains bug fixes improving on Evergreen 3.10.0. This release includes
182 fixes for two security bugs.
184 === Security Fixes ===
186 ==== Protect qtype CGI Parameter ====
188 Malicious DoS attempts have been witnessed in the wild making use of
189 the fact that Evergreen does not check the contents of the `qtype` CGI
190 parameter. While these fail their intent, it would be better to
191 simply drop such searches on the floor when they're seen.
193 Evergreen will now confirm that the search class in the `qtype` parameter
194 is valid, and that the remainder of the value is structured correctly,
195 before processing the search request.
197 This is https://bugs.launchpad.net/evergreen/+bug/1811685[Bug 1811685].
199 ==== Catalog Search Denial of Service Protection ====
201 Here we add two ways to protect against denial of service attacks:
203 * Limit concurrent search requests per client IP address
204 ** This helps address issues of accidental spamming from a malfunctioning OPAC workstation, or web crawlers of various types. The limit is controlled by a global flag called *opac.max_concurrent_search.ip*. By default there is no limit set.
205 * Limit the global concurrent search requests for the same query
206 ** This helps address both simple and distributed DoS that send the same search request over and over. The limit is controlled by a global flag called *opac.max_concurrent_search.query*, and defaults to 20.
208 When a limit is exceeded the client receives an HTTP 429 "Too many requests" response from the web server, and the connection is ended.
210 This is https://bugs.launchpad.net/evergreen/+bug/1361782[Bug 1361782].
212 === Upgrade notes ===
214 * https://bugs.launchpad.net/evergreen/+bug/2003707[Bug 2003707] - During upgrade, if you're running with `opensrf_core.xml` located anywhere other than `/openils/conf` in a single-tenant manner, make sure that `SYSCONFDIR` as set in `autogen.sh` matches what's set in the installed `Cronscript.pm`
215 * https://bugs.launchpad.net/evergreen/+bug/1998355[Bug 1998355] requires a schema update
216 * https://bugs.launchpad.net/evergreen/+bug/1441750[Bug 1441750] requires a schema update
217 * https://bugs.launchpad.net/evergreen/+bug/1995623[Bug 1995623] requires a schema update
218 * https://bugs.launchpad.net/evergreen/+bug/1361782[Bug 1361782] requires a schema update
222 ==== Accessibility ====
224 * Fixes color contrast on modal headers (https://bugs.launchpad.net/evergreen/+bug/1999954[Bug 1999954])
225 * Adjusts staff interface badges to comply with color contrast guidelines (https://bugs.launchpad.net/evergreen/+bug/1999282[Bug 1999282])
226 * Increases color contrast on staff client links and buttons (https://bugs.launchpad.net/evergreen/+bug/1991562[Bug 1991562])
227 * Adds accessible search form labels to staff catalog search form (https://bugs.launchpad.net/evergreen/+bug/1998855[Bug 1998855])
228 * Adds keyboard navigation support to menus within staff catalog bib records (https://bugs.launchpad.net/evergreen/+bug/1814978[Bug 1814978])
229 * Adds input labels in the manage authorities interface fields (https://bugs.launchpad.net/evergreen/+bug/1989284[Bug 1989284)]
230 * Adds labels to metarecord holds checkboxes in staff client + alt-text for decorative image (https://bugs.launchpad.net/evergreen/+bug/1999304[Bug 1999304])
232 ==== Acquisitions ====
234 * Fixes funds dropdown in new acqusitions interfaces (https://bugs.launchpad.net/evergreen/+bug/1999544[Bug 1999544])
235 * Opens provider link in new tab (https://bugs.launchpad.net/evergreen/+bug/2004187[Bug 2004187])
236 * Adds line item count to line item search results (https://bugs.launchpad.net/evergreen/+bug/2003947[Bug 2003947])
237 * Fixes error with saving circ mods using batch line item update (https://bugs.launchpad.net/evergreen/+bug/2002920[Bug 2002920])
238 * Fixes issue where closed invoices were showing in the link to invoice modal (https://bugs.launchpad.net/evergreen/+bug/1999268[Bug 1999268])
239 * Moves line item loading progress bar to the summary area (https://bugs.launchpad.net/evergreen/+bug/1999410[Bug 1999410])
241 ==== Administration ====
243 * `autogen.sh` can now accept a `-c` switch to specify the location of `opensrf_core.xml`. This is useful for certain multi-tenant setups of Evergreen. (https://bugs.launchpad.net/evergreen/+bug/2003707[Bug 2003707])
244 * Avoids permission lookup when there's no authtoken (https://bugs.launchpad.net/evergreen/+bug/1990306[Bug 1990306])
245 * Fixes an issue with `marc_stream_importer.pl` temp file creation (https://bugs.launchpad.net/evergreen/+bug/1943634[Bug 1943634])
246 * Adds patron database ID to Stripe payment record (https://bugs.launchpad.net/evergreen/+bug/1969994[Bug 1969994])
247 * Fix to prevent multiple server processes from being created by `oils_ct.sh` (https://bugs.launchpad.net/evergreen/+bug/1908455[Bug 1908455])
248 * Fixes an issue where last-copy delete was not creating hold notices (https://bugs.launchpad.net/evergreen/+bug/2007591[Bug 2007591])
249 * Fix to reduce bloating of `search.symspell_dictionary` (https://bugs.launchpad.net/evergreen/+bug/1998355[Bug 1998355)]
250 * Fix to allow legacy `mod_perl` handlers to check `eg.auth.token` (https://bugs.launchpad.net/evergreen/+bug/1996908[Bug 1996908])
251 * Fix to change legacy `ARRAY_TO_STRING(ARRAY_AGG())\ functions to `STRING_AGG()` functions (https://bugs.launchpad.net/evergreen/+bug/1441750[Bug 1441750])
252 * Fixes typo in `AddedContent.pm` (https://bugs.launchpad.net/evergreen/+bug/2012105[Bug 2012105])
253 * Fixes permissions check in Library Settings Editor (https://bugs.launchpad.net/evergreen/+bug/2006749[Bug 2006749])
254 * Fixes regression introduced in patch for https://bugs.launchpad.net/evergreen/+bug/2006749[Bug 2006749] (https://bugs.launchpad.net/evergreen/+bug/2007880[Bug 2007880])
255 * Search performance improvements for PostgreSQL 12+ (https://bugs.launchpad.net/evergreen/+bug/1999274[Bug 1999274])
259 * Fixes an error emailing records from the staff catalog & OPAC (https://bugs.launchpad.net/evergreen/+bug/1955079[Bug 1955079])
260 * Removes deleted call numbers from shelf browse (https://bugs.launchpad.net/evergreen/+bug/2003742[Bug 2003742])
261 * Adjusts styling of disable search menu items in staff catalog search (https://bugs.launchpad.net/evergreen/+bug/1998969[Bug 1998969])
265 * Fixes issue where holdings template importer wouldn't import the full file (https://bugs.launchpad.net/evergreen/+bug/1980544[Bug 1980544])
266 * Fixes an issue where statcats in holding templates wouldn't save correctly (https://bugs.launchpad.net/evergreen/+bug/1999696[Bug 1999696])
267 * Fixes inconsistent button placement in delete holdings modal (https://bugs.launchpad.net/evergreen/+bug/1945355[Bug 1945355])
268 * Adds styling to show that a holding template changed a statcat value (https://bugs.launchpad.net/evergreen/+bug/2003755[Bug 2003755])
269 * Fixes erroneous error message in cover image upload modal (https://bugs.launchpad.net/evergreen/+bug/1988321[Bug 1988321])
270 * Fixes an issue where last-copy delete was not creating hold notices (https://bugs.launchpad.net/evergreen/+bug/2007591[Bug 2007591])
271 * Restores the ability to create empty call numbers in the holdings editor (https://bugs.launchpad.net/evergreen/+bug/1998494[Bug 1998494])
272 * Fixes MARC editor heading linker for fields 600, 651, and 655 (https://bugs.launchpad.net/evergreen/+bug/2007351[Bug 2007351])
273 * Protects "magic" statuses from overwrite when using holdings editor template (https://bugs.launchpad.net/evergreen/+bug/1999401[Bug 1999401])
274 * Prevents deletion of shelving locations with items attached + adds undelete action on shelving location editor (https://bugs.launchpad.net/evergreen/+bug/2002435[Bug 2002435])
275 * Fixes item tag scoping in holdings editor (https://bugs.launchpad.net/evergreen/+bug/1965447[Bug 1965447])
277 ==== Circulation ====
279 * Clears `hopeless_date` when hold is captured (https://bugs.launchpad.net/evergreen/+bug/1915440[Bug 1915440])
280 * Fixes an issue where large hold shelf lists could fail to load (https://bugs.launchpad.net/evergreen/+bug/1971745[Bug 1971745])
281 * Fixes slowness in the holds shelf query (https://bugs.launchpad.net/evergreen/+bug/1971745[Bug 1971745])
282 * Fixes an issue where the patron registration form sent unnecessarily large amount of data upon save (https://bugs.launchpad.net/evergreen/+bug/1976126[Bug 1976126])
283 * Fixes display issue with depth selector in patron note modal (https://bugs.launchpad.net/evergreen/+bug/1980874[Bug 1980874])
284 * Removes extra "pre-fetch all holds" checkbox from view holds page (https://bugs.launchpad.net/evergreen/+bug/2002337[Bug 2002337])
288 * Adds localization to Record Summary heading (https://bugs.launchpad.net/evergreen/+bug/1999446[Bug 1999446])
289 * Adds a user-visible error if a user attempts to login to the staff client without STAFF_LOGIN permissions (https://bugs.launchpad.net/evergreen/+bug/1969641[Bug 1969641])
290 * Fixes grid refresh issue on old Dojo grids (https://bugs.launchpad.net/evergreen/+bug/1625192[Bug 1625192])
291 * Fixes shelving location selector that was broken in several interfaces (https://bugs.launchpad.net/evergreen/+bug/1995418[Bug 1995418]
292 * Angular fixes including removing alert_message from print template, adding min/max to date picker, and preventing selecting a past date at checkout (https://bugs.launchpad.net/evergreen/+bug/1995623[Bug 1995623])
293 * Adds offline message to Angular login page (https://bugs.launchpad.net/evergreen/+bug/1958258[Bug 1958258])
294 * Fixes Angular login redirect issue (https://bugs.launchpad.net/evergreen/+bug/2006513[Bug 2006513])
297 ==== Documentation ====
299 * Updates to Standing Penalties and Group Penalty Thresholds documentation
300 * Updates `create_release_notes.sh` to use asciidoctor formatting (https://bugs.launchpad.net/evergreen/+bug/1995653[Bug 1995653])
301 * Adds Evergreen Web Services documentation
302 * Adds Mark Item as Missing Pieces documentation (https://bugs.launchpad.net/evergreen/+bug/1706664[Bug 1706664])
303 * Updates to Server Installation documentation for current ng-build parameters (https://bugs.launchpad.net/evergreen/+bug/1863921[Bug 1863921])
304 * Updates to Web Client Best Practices documentation
305 * Updates to Describing Your Organization documentation
306 * Updates to Load MARC Order Records documentation
307 * Updates to Purchase Order, Selection Lists, and Line Items documentation
311 * Fixes Google Books preview (https://bugs.launchpad.net/evergreen/+bug/1955403[Bug 1955403])
312 * Fixes patron address alignment (https://bugs.launchpad.net/evergreen/+bug/1944602[Bug 1944602])
313 * Fixes button arrangement in MyAccount holds interface (https://bugs.launchpad.net/evergreen/+bug/1980275[Bug 1980275])
314 * Fixes alignment in publication year search filter fields (https://bugs.launchpad.net/evergreen/+bug/1974581[Bug 1974581])
315 * Fixes an issue with holds history pagination (https://bugs.launchpad.net/evergreen/+bug/1422927[Bug 1422927])
316 * Adds localization to sr-only, aria-label, and title fields (https://bugs.launchpad.net/evergreen/+bug/1992490[Bug 1992490])
317 * Fixes an error emailing records from the staff catalog & OPAC (https://bugs.launchpad.net/evergreen/+bug/1955079[Bug 1955079])
318 * Fixes display problem in 856 subfields $n, $z, and $3 (https://bugs.launchpad.net/evergreen/+bug/1966995[Bug 1966995])
319 * Fixes facet display issue in grouped record search results (https://bugs.launchpad.net/evergreen/+bug/1980304[Bug 1980304])
320 * Fixes small-screen display issue with navigation links in copy table (https://bugs.launchpad.net/evergreen/+bug/1983729[Bug 1983729])
321 * Fixes small-screen display issue with table displays (https://bugs.launchpad.net/evergreen/+bug/1984269[Bug 1984269])
322 * Corrects duplicate DOB display in patron self-registration form (https://bugs.launchpad.net/evergreen/+bug/1965065[Bug 1965065])
323 * Fixes display issue with applied filters (https://bugs.launchpad.net/evergreen/+bug/1980302[Bug 1980302])
324 * Fixes syntax error introduced in bug https://bugs.launchpad.net/evergreen/+bug/1992490[Bug 1992490] (https://bugs.launchpad.net/evergreen/+bug/2008925[Bug 2008925])
325 * Fixes styling of patron messages (https://bugs.launchpad.net/evergreen/+bug/1980142[Bug 1980142])
327 ==== Miscellaneous ====
329 * Fixes field order in New Survey modal (https://bugs.launchpad.net/evergreen/+bug/1991590[Bug 1991590])
330 * Changes Angular `styleext` setting to `style` (https://bugs.launchpad.net/evergreen/+bug/1995211[Bug 1995211])
334 * Fixes an error with display of certain shared reports folders (https://bugs.launchpad.net/evergreen/+bug/1999944[Bug 1999944])
337 === Acknowledgements ===
339 We would like to thank the following individuals who contributed code, testing, and documentation to the 3.10.1 point release of Evergreen:
351 * Blake Graham-Henderson
365 * Andrea Buntz Neiman
378 == Evergreen 3.10.0 ==
380 === Upgrade notes ===
382 The database update includes a partial reingest.
387 ==== Acquisitions ====
389 ===== Further Angularization of Acquisitions Interfaces =====
391 The following acquisitions interfaces were rewritten in Angular:
393 * Purchase Orders and Selection Lists
394 * Line Item management, including
395 ** Receiving and claiming
396 ** Creation of line item items singly and in batch
397 * Load MARC Order Records
399 Improvements over the previous interfaces include:
401 * The line item table can now be sorted and filtered
402 * New settings to control the owning library that is
403 applied to auto-created line item items.
405 ===== Support for Advanced Shipment Notices in Acquisitions =====
407 This version of Evergreen supports DESADV EDI messages. These messages are
408 created by vendors when they pack and ship items, and contain:
410 * A list of dispatched POs, lineitems, and the number of items per lineitem.
411 * A package-level barcode (e.g. https://en.wikipedia.org/wiki/Serial_shipping_container_code) that represents the package as a whole.
413 Staff can scan that package-level barcode to retrieve information on every
414 item in the package, including an option to auto-receive every item in the box.
416 ===== New column in General Acquisitions Search =====
418 The general acquisitions search grid now has a column
419 for purchase order ID.
421 ===== New Permission for Fund Rollovers =====
423 A new permission, `ADMIN_FUND_ROLLOVER`, is added to control access
424 to the fund rollover function. This allows having some users be able
425 to manage funds without being to invoke the rollover action, as
426 rollovers can be hard to undo.
428 During upgrade, any permission group with the `ADMIN_FUND` permission
429 will get the new `ADMIN_FUND_ROLLOVER` permission to avoid surprises.
430 Consequently, an Evergreen administrator who wishes to lock down
431 access to the feature should follow up by removing the new permission
434 In new databases, `ADMIN_FUND_ROLLOVER` is granted only to the stock
435 Acquisitions Administrators permission group.
437 ===== Inactive funds can no longer make allocations or transfers =====
439 In the Funds Administration page, if a fund is not marked as
440 active, the "Create allocation" and "Transfer money" options
441 will no longer be available.
443 In the occassional cases where these operations are necessary,
444 you can edit the fund to mark it active, perform your financial
445 operations, then mark it inactive again.
447 ==== Administration ====
449 ===== Geosort feature can now use Bing Maps API =====
451 The API can be configured at *Server Administration*
452 -> *Geographic Location Service*.
454 ===== Refresh Time for Carousel =====
456 This adds the time (rather than just the date) to the
457 Last Refresh Time column of the Local Administration >
460 ===== Hours of Operation Note field =====
462 Adds a note field to each day's hours to record split hours or service related notes. The notes appear enclosed in parentheses next to each day's hours when viewing a library's hours in the Bootstrap OPAC and TPAC
464 ===== HTML email =====
466 Administrators can now configure action triggers to send HTML-formatted
467 email. Evergreen continues to send emails in plain-text by default, but
468 you can now configure an email template to send as HTML by adding the appropriate
469 header to the email. For example: Content-Type: text/html;charset=utf-8
471 ===== Match Quality Ratio Option Added to marc_stream_importer.pl =====
473 Command line options have been added to the marc_stream_importer.pl
474 support script to specify the match quality ratio used when matching
475 bibliographic or authority records for overlay:
477 * --bib-match-quality-ratio
478 * --auth-match-quality-ratio
480 These options specify the match quality ratio, as a decimal number
481 (i.e. 1.0), for overlay of records with the overlay on 1 match
482 options. They correspond to the similar options in the staff client
485 ===== Configuring sign-on to OpenAthens =====
488 ====== Purpose ======
490 If your institution uses OpenAthens, you can configure Evergreen to sign
491 patrons in to OpenAthens using their Evergreen account. This will let them
492 connect to OpenAthens resources seamlessly once they have logged in to
493 Evergreen. Patrons are assigned an OpenAthens identity dynamically based
494 on their Evergreen login, and do not need accounts created manually in
497 ====== Registering your Evergreen installation with the OpenAthens service ======
499 Using your OpenAthens administrator account at https://admin.openathens.net/,
500 complete the following steps:
502 . Register a local authentication connection for Evergreen:
503 .. Go to *Management* -> *Connections*.
504 .. Under *Local authentication* click *Create*.
505 .. In the wizard that appears, select *Evergreen* as the local authentication
506 system type (or *API* if Evergreen is not listed) and click *Configure*.
507 .. For *Display name*, enter the name of your Evergreen portal that your
508 patrons will be familiar with. They will need to be able to recognise and
509 select this name from a list of sign-in options on OpenAthens.
510 .. For *Callback URL* enter *https://<HOSTNAME>/eg/opac/sso/openathens* where
511 <HOSTNAME> is the public hostname of your Evergreen installation, and click
512 *Save*. (If you have installed Evergreen somewhere other than /eg, modify the
514 .. On the details page that appears, take a copy of the *Connection ID* and
515 *Connection URI* that have been generated. You will need these when
516 configuring Evergreen.
517 . Generate an API key:
518 .. Go to *Management* -> *API keys* and click *Create*.
519 .. For *Name*, enter 'Evergreen' or whatever name you use for your Evergreen
520 portal internally, and click *Save*.
521 .. Take a copy of the 36-character key that has been generated. You will need
522 this when configuring Evergreen.
524 Full OpenAthens documentation for local authentication API connections is
525 available at http://docs.openathens.net/display/public/MD/API+connector.
527 ====== Configuring Evergreen ======
529 OpenAthens sign-on is configured in the staff client under *Local
530 Administration* -> *OpenAthens Sign-on*. To make a connection, select *New
531 Sign-on to OpenAthens*, and set the values as follows:
533 * *Owner* - the organisation within your library hierarchy that owns the
534 connection to OpenAthens. If your whole consortium has signed up to OpenAthens
535 as a single customer, then you would select the top-level. If only one
536 regional library system or branch is the OpenAthens customer, select that.
537 Whichever organisation you select, the OpenAthens connection will take effect
538 for all libraries below it in your organisational hierarchy. A single
539 OpenAthens sign-on configuration normally equates to a single *domain* in the
540 OpenAthens service. If in doubt refer to your OpenAthens account manager or
541 implementation partner.
542 * *Active* - Enable this connection (enabled by default). N.B. Evergreen
543 does not support more than one active connection to OpenAthens at a time per
544 organisation. If more than one connection is added per organisation,
545 Evergreen will use only the _first_ connection that has *Active* enabled.
546 * *API key* - the 36-character OpenAthens *API key* that was generated in step
548 * *Connection ID* - the numerical *Connection ID* that was generated for the
549 OpenAthens local authentication connection in step 1 above.
550 * *Connection URI* - the *Connection URI* that was generated for the
551 OpenAthens local authentication connection in step 1 above.
552 * *Auto sign-on* - controls _when_ patrons are signed on to OpenAthens:
553 ** *enabled* (recommended) - As soon as a patron logs in to Evergreen, they
554 are signed in to OpenAthens. This happens via a quick redirect that the user
556 ** *disabled* - The patron is not signed in to OpenAthens to start with. When
557 they first access an OpenAthens-protected resource, they will need to search
558 for your institution at the OpenAthens log-in page and choose your Evergreen
559 portal as the sign-in method (they will see the name you entered as the
560 *Display name* in step 1 above). Evergreen will then prompt for log-in if
561 they have not already logged in. After that, they are signed in to OpenAthens
562 and OpenAthens redirects them to the resource.
563 * *Auto sign-out* - controls whether the patron is signed out of OpenAthens
564 when they log out of Evergreen. If *enabled* the patron will be sent to the
565 OpenAthens sign-out page when they log out of Evergreen. You can optionally
566 configure the OpenAthens service to send them back to your home page again
567 after this; the setting can be found at https://admin.openathens.net/ under
568 *Preferences* -> *Domain* -> *After sign out*.
569 * *Unique identifier field* - controls which attribute of patron accounts is
570 used as the unique identifier in OpenAthens. The supported values are 'id'
571 and 'usrname', but you should leave this set to the default value of 'id'
572 unless you have a reason to do otherwise. It is important that this attribute
573 does not change during the lifetime of a patron account, otherwise they would
574 lose any personalised settings they have saved on third party resources. It
575 is also important that you do not re-use old patron accounts for new users,
576 otherwise a new user could see personalised settings saved by an old user.
577 * *Display name field* - controls which attribute of patron accounts is
578 displayed in the OpenAthens portal at https://admin.openathens.net/. (This
579 is where you can see which accounts have been used, and what use patrons are
580 making of third party resources.) The supported values are 'id', 'usrname'
581 and 'fullname'. Whichever you choose, OpenAthens will only use it within
582 your portal view; it won't be released to third-party resources.
583 * *Release X* - one setting for each of the attributes that it is possible to
584 release to OpenAthens. Depending on your user privacy policy, you can
585 configure any of these attributes to be released to OpenAthens as part of
586 the sign-on process. None are enabled by default. OpenAthens in turn doesn't
587 store or release any of these attributes to third party resources, unless
588 you configure that separately in the OpenAthens portal. You have to
589 configure this in two stages. Firstly, mapping Evergreen attributes to
590 OpenAthens attributes, and secondly releasing OpenAthens attributes to third
591 party resources. See the OpenAthens documenation pages at
592 http://docs.openathens.net/display/public/MD/Attribute+mapping and
593 http://docs.openathens.net/display/public/MD/Attribute+release. You will need
594 to know the exact names of the attributes that are released. These are listed
595 in the following table:
598 |Setting|Attribute released|Description
602 |the patron's prefix, overriden by the preferred prefix if that is set
606 |the patron's first name, overriden by the preferred first name if that is set
610 |the patron's middle name, overriden by the preferred middle name if that is set
614 |the patron's last name, overriden by the preferred last name if that is set
618 |the patron's suffix, overriden by the preferred suffix if that is set
622 |the patron's email address
624 |Release home library
626 |the _shortcode_ of the patron's home library (e.g. 'BR1' in the Concerto
631 |the patron's barcode
634 Click 'Save' to finish creating the connection. (If you can't see the
635 connection you just created for a branch library, enable the "+ Descendants"
638 ====== Network access - server ======
640 As part of the sign-on process, Evergreen makes a connection to the OpenAthens
641 service to transfer details of the user that is signing on. This data does not
642 go via the user's browser, to avoid revealing the private API key and to avoid
643 the risk of spoofing. You need to open up port 443 outbound in your firewall,
644 from your Evergreen server to login.openathens.net.
646 ====== Network access - web client ======
648 If you restrict internet access for your web client machines, you need to open
649 up port 443 outbound in your firewall, from your web clients to the following
652 * connect.openathens.net
653 * login.openathens.net
654 * wayfinder.openathens.net
656 ====== Admin permissions ======
658 To delegate OpenAthens configuration to other staff users, assign the
659 *ADMIN_OPENATHENS* permission.
661 ===== Optionally allow patrons to renew after hitting fine maximum =====
663 When a patron hits the max fine limit, a standing penalty is applied to their account. By default, that penalty (PATRON_EXCEEDS_FINES)
664 is configured to block renewals.
666 This release adds a new org unit setting, _circ.permit_renew_when_exceeds_fines_. If enabled for a particular org unit, renewals are
667 permitted (as long as all other circulation eligibility criteria are met).
669 ===== Optionally remove traditional catalog from menu =====
671 Libraries that have fully migrated to the Angular staff catalog
672 may optionally hide the "Staff Catalog (Traditional)" menu
673 options. To do so, in the Library Settings Editor, set the
674 "ui.staff.traditional_catalog.enabled" setting to False.
676 After changing the setting, you will need to log out and log
677 back in to see the changes to the menu.
679 ==== Architecture ====
681 ===== (Developer-focused) Use ESLint for eg2 =====
683 The `eg2` Angular application now uses ESLint rather than TSLint for
684 source code linting. This is motivated by the deprecation of TSLint
685 by the Angular CLI, but ESLint also offer some improvements.
687 In particular, ESLint checks the HTML templates in addition to the
688 TypeScript code. For example, it will catch uses of `==` in the
689 templates when `===` is preferred.
691 The primary ESLint rules applied to the project are configured in
692 `Open-ILS/src/eg2/.eslintrc.json`. To override them for specific
693 directories, `.eslintrc` files can be used. An example of this
694 is `Open-ILS/src/eg2/src/app/share/.eslintrc`, which turns off
695 the `angular-eslint/no-output-on-prefix` check that discourages
696 using `onFoo` as the name of `@Output()` properties. This rule
697 is now enforced in most of `eg2`, but it was decided not to immediately
698 mandate for shared components.
700 The command to run the lint checks remains the same: from
701 `Open-ILS/src/eg2/`, run `ng lint`.
703 ===== Operating System Requirements =====
705 Evergreen 3.10 now supports installation on Ubuntu 22.04 (Jammy Jellyfish).
707 This release removes support for Debian Stretch and Ubuntu 18.04 (Bionic Beaver).
711 ===== Record Note Merges =====
713 During a merge of bibliographic records notes will now merge and a
714 notation on each added that they were originally from another record.
715 A note is also added that the merge was performed.
717 ==== Circulation ====
719 ===== Experimental Angular Circulation Interfaces =====
721 This Evergreen release includes new, experimental versions of many
722 circulation interfaces. To enable these interfaces:
724 . In the Library Settings Editor, enable the setting called
725 _Enable Angular Circulation Menu_.
726 . Add the _ACCESS_ANGULAR_CIRC_ permission to any users who
727 will be testing the experimental interfaces.
729 These interfaces are experimental, and should not be used for production
730 work. Please report any issues with the interfaces at
731 https://bugs.launchpad.net/evergreen
733 ===== New Patrons with Negative Balances interface =====
735 The _Patrons with Negative Balances_ interface has been re-implemented
738 ===== OPAC-visible statisitical categories are now visible in the OPAC =====
740 This release restores a previously available feature: the ability to
741 display statistical categories (stat cats) in the OPAC. If an
742 item stat cat has "OPAC Visibility" set to true, its values will
743 display in the record page's item table, underneath the call number.
744 If a patron stat cat has "OPAC Visibility" set to true, its values
745 will display in the patron's account under Preferences ->
746 Personal Information (below the account expiration date).
748 Since these values have not been visible for some time, Evergreen
749 libraries may wish to review them before making them public. To
750 set all stat cats to private, so that OPAC visibility can be
751 restored on a case-by-case basis after review, you can use the
757 UPDATE asset.stat_cat SET opac_visible=false WHERE opac_visible=true;
760 UPDATE actor.stat_cat SET opac_visible=false WHERE opac_visible=true;
763 ===== Renewal Due Date Extended to Cover Lost Time =====
765 When an item is renewed before it's due date, libraries now have the option
766 to extend the renewal's due date to include any time lost from the early
769 For example, a 14 day checkout renewed after 12 days will result in a due date
770 on the renewal of 14 days plus 2 days to cover the lost time.
772 ====== Settings ======
774 Two new fields are available under Admin => Local Administration =>
775 Circulation Policies.
777 *Early Renewal Extends Due Date*
779 Enables this new feature for a circulation policy.
781 *Early Renewal Minimum Duration Interval*
783 Specifies the amount of time a circulation has to be checked out before a
784 renewal will result in an extended due date.
786 For example, if you wanted to support due date extensions on 14-day checkout
787 renewals, but only if the item has been checked out at least 8 days, you
788 would enter "8 days" for the value of this field.
790 If no value is set for a given matchpoint that supports renewal extension,
791 all renewals using that matchpoint will be eligible.
793 ===== Override All Option when Placing Multiple Staff Holds =====
795 When placing multiple holds in the Angular Staff Catalog, staff users with permission to override the failed holds will see an Override All button which will perform all overrides at once.
797 Overriding each failed hold individually remains an option.
799 ===== Source library addresses now available on transit slips =====
801 Transit slip templates previously could include the address of
802 the library that the item is being transitted _to_. With this
803 release, the address of the library the item is being transitted
804 _from_ is also available.
805 This change applies to both the Hold Transit Slip and the Transit
808 ===== Courses can be un-archived =====
810 Course reserves staff can now un-archive a course that was previously archived, either from
811 its course page, or from the course list.
813 Un-archiving a course makes it active again. Users with public roles in the course (such
814 as instructors) remain associated with the course. Non-public users (such as students)
819 ===== Additional trailing punctuation removed from certain fields =====
821 MarcXML facet, display, and browse fields will undergo some extra
822 cleanup before displaying to a user. Of particular note for any
823 title fields that match these criteria, ending `/`, `:`, `;`, and
826 This change does not affect MODS fields. You can check if a
827 particular field uses MarcXML or MODS in Server Administration
828 -> MARC Search/Facet Fields by consulting the Format column.
831 ==== Miscellaneous ====
833 * The Field Documentation interface (under Local Administration) has
834 been ported to Angular with an org selector as an additional filter.
835 * The Pending Users and Bucket View grids in the User Buckets interface
836 now includes a column for the patron's balance owed. (LP#1980257)
837 * Patron Interface Gets a New Penalty Refresh Action. (LP#1823225)
838 * A new workstation setting optionally allows the full library name to be
839 added to the Angular Org Unit Selector. (LP#1771636)
840 * The tabs on the Claiming Administration page have been reordered to
841 Claim Policies, Claim Policy Actions, Claim Event Types, and Claim
842 Types. This reflects the fact that Claim Types tend to be configured
843 once and are not typically adjusted when setting up a new claim
845 * Links in the staff catalog summary area now open in a new tab. (LP#1953692)
846 * The Item Status list view now includes an optional column for
847 Total Circulations. (LP#1964629)
848 * The credit card payment approval code is now available as a column in
849 the bill history payments table in the patron record. (LP#1818303)
850 * The group member details grid now contains columns for preferred names.
852 * The patron profile name is now available to the Hold Shelf Slip
853 print template as `patron.profile.name`. (LP#1724032)
854 * Removed the Message Center from the Patron -> Other Menu (deprecated),
855 added action for unarchiving Notes, and added confirmation dialogs
856 for Remove Note, Archive Note, and Unarchive Note. (LP#1977877)
857 * Curbside request notes and user messages are now purged when a user
858 record is deleted. (LP#1934162)
859 * If the patron record has a preferred name set, the SIP server now
860 returns it in response to patron lookups. (LP#1984114)
861 * The label and description of the acq.fund.allow_rollover_without_money
862 library setting are updated for greater clarity (LP#1982031)
863 * The Cash Reports interface (under Local Administration) is ported to
864 Angular. (LP#1859701)
865 * The Library Settings Editor (under Local Administration) is ported to
866 Angular. (LP#1839341)
868 ==== Acknowledgments ====
870 The Evergreen project would like to acknowledge the following
871 organizations that commissioned developments in this release of
875 * Evergreen Community Development Initiative
876 * Equinox Open Library Initiative
877 * King County Library System
879 We would also like to thank the following individuals who contributed
880 code, translations, documentations patches and tests to this release of
897 * Blake Graham Henderson
912 * Andrea Buntz Neiman
926 We also thank the following organizations whose employees contributed
933 * Equinox Open Library Initiative
934 * Georgia Public Library Service
935 * Greater Clarks Hill Regional Library
936 * Kenton County Library
937 * King County Library System
938 * Lake Agassiz Regional Library
939 * Linn Benton Community College
943 * Princeton University
945 * Westchester Library System
947 We regret any omissions. If a contributor has been inadvertently
948 missed, please open a bug at http://bugs.launchpad.net/evergreen/