EPrints 3.4.3
Revision as of 10:57, 2 October 2020 by Drn@ecs.soton.ac.uk (talk | contribs) (Added changes up to 2nd Octover 2020.)
This page contains information about the provisional EPrints v3.4.3 tag and release on GitHub scheduled for the end of December 2020.
Contents
Planned Features and Improvements
- Improvements for Accessibility of backend administration pages.
- Review of EPrints support for multiple different XML libraries.
- Better Sanitisation of filenames for uploads.
- Tools to fix and protection against generation of invalid XML revision files.
See 3.4.3 milestone on GitHub for more details.
Provisional Release Notes
New Dependencies
None as yet. Check earlier dependencies for EPrints 3.4.2 and before.
Changes Since 3.4.2
New Functionality
- Provides function (EPrints::Utils::compare_version) for comparing EPrints software versions so plugins can choose to behave differently.
Security and Privacy Improvements
- Makes JSON export respect value set for export_as_xml to avoid exporting unintended fields.
- Sets contact_email to not export by default for better GDPR compliance.
- Rate limits failed local login attempts for a particular user. Defaults to 10 failed login attempts in 10 minutes (using $c->{max_login_attempts} and $c->{lockout_minutes} configuration options).
- Rate limits new account requests. Defaults to 100 requests in a hour long period to avoid causing problems with planned mass sign up events. Configured using $c->{max_account_requests} and $c->{max_account_requests_minutes} options.
General Improvements
- Resolves all accessibility errors and most alerts (as reported by the WAVE Web Accessibility Evaluation Tool) for backend admin pages as listed in the Accessibility report.
- Uses HTML class for Longtext_counter counter line and provides CSS to by default make this red and bold if the maxwords limit is exceeded.
- Allows full path or just subject name to be displayed for values set in subjects field by setting render_path attribute (true by default).
- Allows time between password reset requests to be configured (to a number of hours) rather than hard-coded to 24 hours.
- Adds pr_url configuration option as a protocol relative base URL (e.g. //eprints.example.org/) and uses this to better eliminate issues with mixed-protocol content warnings from browsers whilst ensuring embedded and exported content still retains the hostname in URLs (e.g. href, src, URI, etc.)
- Adds option to set status of EPrints that should be checked by check_xapian script.
- Adds date_embargo_retained field to Documents to retain the embargo date after the embargo is lifted.
- Adds jquery EPrints 3.4 ingredient to allow JQuery resources to be incorporated if required by non-core EPrints functionality. Ingredient added but commented out in flavours/pub_lib/inc.
Bug Fixes
- Prevents access code from changing if request a copy is approved multiple times (and warns if request has already been approved).
- Fixes formatting of results from user search introduced by accessibility changes in 3.4.2.
- Updates issue citation to use
<div>
rather thanand
tags so it works with accessibility changes introduced in 3.4.2.
- Deals more gracefully if History DataObj's parent does not exist when checking if it is an
EPrints::List
. - Fixes internal server error when trying to save values to a non-multiple compound field.
- Fixes issue with XML import setting unset compound subfields to NULL rather than empty string.
- Fixes errors on import pages caused by Accessibility improvements and fixes other Accessibility issues for import pages.
- Fixes broken link of default 401 error page.
- Sets STDOUT and STDERR binmode to utf8 to avoid wide character errors.
- Fixes user history layout as a result of earlier Accessibility improvements.