This release is a security release that also contains several other bug fixes improving on Evergreen 2.11.4.
This release fixes several cross-site scripting (XSS) vulnerabilities
in the public catalog. When upgrading, Evergreen administrators should
review whether any of the following templates have been customized
or overridden. If so, either the template should be replaced with the
stock version or the XSS fix (which entails adding the | html
filter
in several places) applied to the customized version.
Open-ILS/src/templates/opac/parts/locale_picker.tt2
Open-ILS/src/templates/opac/parts/login/form.tt2
Open-ILS/src/templates/opac/parts/searchbar.tt2