EPrints 3.4.2
Revision as of 09:58, 26 February 2021 by Drn@ecs.soton.ac.uk
Release Notes
EPrints 3.4.2 is now available from files.eprints.org and GitHub.
- Zero codename: Blueberry Muffin Derecho
- Publication flavour codename: Pecan Pie Huaico
New Dependencies
Dependencies can be installed as RPMs (yum install PACKAGE), DEBs (apt-get install PACKAGE) or CPAN (cpan MODULE). Perl's Text::Unidecode module is now needed to better order browse views.
- Perl Text::Unidecode module
  - RPM: perl-Text-Unidecode
  - DEB: libtext-unidecode-perl
  - CPAN: Text::Unidecode
Also see new dependencies for EPrints 3.4.1 if you are upgrading from 3.4.0 or earlier.
Changes since 3.4.1
New Functionality
- Capability for enabling caching of citations to improve page load times, particularly browse views.
- Provides HTTP PATCH functionality to support incremental metadata changes. (Particularly useful for Symplectic Repository Tools 2 integration).
- Provides facility to define custom handlers for integration with third party applications.
- New DOI import plugin using UNIXREF that provides a richer source of metadata.
- Allows access records to be saved and processed from disk rather than a database table (requires manual enabling / still experimental).
- Supports embedded HTML5 video blocks including subtitles.
- New MetaField for case insensitive IDs, useful for usernames and email addresses.
- New MetaField for keywords. Backwards compatible with text and longtext fields but more accurate at matching individual, potentially multi-word, keywords.
- New MetaField that adds a word count to long text fields (requires jQuery to be installed in the archive's javascript/auto/ directory).
- Allows certain countries not to have to provide a successful ReCAPTCHA for requests (e.g. in China ReCAPTCHA is blocked).
- Render function to allow publications with long lists of creators/editors to be neatly truncated.
- Script for generating XML sitemaps for use with tools like Google Search Console.
Security Improvements
- Prevention of offsite redirects after login.
- Logs out all sessions on password change.
- Rate limits number of password reset emails that can be sent.
- Ensures document full texts are reindexed, so they are added to or removed from the index depending on changes to document security.
- Blocks JavaScript in uploaded HTML documents from potentially performing malicious actions as the logged in user.
- Restricts get_tables call for database to those in the current repository.
- Evaluates user-defined can_request_view_document to ensure errors do not lead to unauthorised access to documents, and adds notifications for system administrators in webserver logs and epadmin test. (Mainly to handle Apache 2.4 causing an error when calling $r->connection->remote_ip).
General Improvements
- Improves accessibility of EPrints user interfaces.
- Allows subject line of RequestCopy emails to be customised by the user (in case item being requested has no title set).
- Better parsing of BibTeX for import.
- Better error and warning colours for command line tools.
- Better formatting of person name strings.
- Allows server-wide specification of EPrints flavour (rather than just archive level).
- New functions for ordering various types of MetaField or for sanitising ordering, ensuring (person) names are consistently ordered.
- Enables multi-lingual support for templates, tooltips and workflow headings.
- Removes any remaining use of full URLs within default template and static pages that can cause a multitude of issues including http/https interoperability.
- Comprehensive review and addition of missing phrases.
- Allows epadmin create to allow an organisation name to be set as a phrase.
- Improves compound multiple field table rendering to not display lots of UNSPECIFIED if a column has no row with a value set.
- Better support for read-only MetaFields.
- Provides EPrints Script test for whether one string contains another.
- Provides checking for individual user roles within a workflow.
- Allows data objects other than EPrint to have revision histories.
- Improves Xapian indexing checking.
- Additions to index tokenizer mappings.
- Removes Text::Unidecode Perl module as this is better provided by Linux package repositories.
- Allows user-defined sort functions for browse views.
- Adds user-definable get_item method for ItemRef MetaFields so fromform method can be used with this type of field.
- Adds user-definable render_item function for ItemRef MetaFields so ItemRef fields can be usefully rendered in browse views.
- Adds classes for option list HTML elements to make it easier to apply CSS styles.
- Adds HTTPS support for SWORD deposit client.
- Generally reduces the use of full URL (with protocol) when absolute/relative path would be more appropriate.
- Makes "Remove Item (with notification)" appear on actions bar when item is in live archive to make it consistent with "Remove Item".
Bug fixes
- Fixes typo affecting position of Review page's move to archive button.
- Fixes error that broke JavaScript for expanding dl tree elements.
- Fixes broken epm command line tool.
- Fixes bug with feeds for latest_tool page.
- Fixes bug causing update_triples event queue tasks to fail.
- Fixes bug with 404 error when attempting to access RequestCopy page.
- Fixes some general encoding issues in export plugins.
- Fixes bug to again allow epadmin test to be run without an archive specified.
- Fixes bug with warning of missing brief citation for event queue.
- Fixes issue with MySQL no longer allowing creation of a MySQL user on granting of privileges.
- Allows DOI to be EndNote exported for any publication type.
- Fixes bugs with HTTPS everywhere configuration breaking some URLs in OAI-PMH and elsewhere.
- Fixes substring out of bounds error when there is no icon URL for a document.
- Fixes hard-coding of entry UID for History iCal export.
- Fixes lack of link for non-specified year items in year browse view menu.
- Fixes issue with use of EPrints::Sword::Utils.
- Fixes check for whether a browse view is a list based on prefix of view's ID.
- Various fixes to image and video conversion through changes to convert and ffmpeg parameters.
- Fixes duplicate event queue tasks being created by resetting to waiting instead.
- Fixes issues accessing Bazaar behind an HTTP proxy.
- Removes hard-coding of EPrints filesystem path where possible.
- Removes hard-coding of site_lib in EPrints include path and all other references.
- Removes TeX::Encode::BibTeX and TeX::Encode::charmap Perl sub-modules as these come as part of TeX::Encode that should already be installed as a dependency (since EPrints 3.4.1).
- Fixes case-sensitivity on document type guessing when file extension is in upper case.
- Fixes fuzzy matching on browse view causing generate_views to generate more views than expected.
- Fixes typo for epm sources configuration option.
- Better parsing of pageranges that include page numbers with hyphens.
- Fixes typo in index tokenizer's apply_mapping function.
- Fixes issues with Storage Manager when CSRF protection is enabled.
- Fixes broken add and edit phrase functionality when CSRF protection is enabled.
- Fixes "insecure connection" bug when exporting from "Actions" tab.
- Adds most basic default workflow for files to fix viewing of files through "Manage records".
- Tidies up robots.txt generation.
- Fixes broken documentation link on newly created repository homepages.
- Removes missing browse views menu links on zero template.
- Fixes OpenDOAR policy tools link.
Known Vulnerabilities
The following vulnerabilities are patched with the security patch available at https://files.eprints.org/2548:
- /cgi/ajax/phrase
  - CVE-2021-26703 (Remote Code Execution)
- /cgi/cal
  - CVE-2021-26475 (Cross-Site Scripting) and CVE-2021-26476 (Remote Code Execution)
- /cgi/dataset_dictionary
  - CVE-2021-26702 (Cross-Site Scripting)
- /cgi/latex2png
  - CVE-2021-3342 (Remote Code Execution)
- /cgi/toolbox/toolbox
  - CVE-2021-26704 (Remote Code Execution)
This patch file also modifies /cgi/history_search to ensure it was not susceptible to MySQL Injection and Cross-Site Scripting. However, no exploit for this potential vulnerability was found.
Known Issues
- Formatting of search results from the admin menu's "Search users" is somewhat broken due to generic changes made to improve accessibility. This patch fixes this issue.
- If your repository has a local version of citations/eprint/result.xml this will cause issues when rendering search results for admin's "Search items" and probably also "Advanced search". Ensure <tr> and <td> tags are replaced with <div> tags. Style attributes can also be removed from these elements as they should now be part of the lib/static/style/auto/search.css. If your archive has its own search.css you may need to copy some content from the lib version of search.css as it relates to ep_search_result.
- As issues are not public-facing, the EPrint issue citation was not updated with the public-facing accessibility changes, but issue results will render differently unless this is updated to use <div> tags rather than <tr> and <td> tags. This patch fixes the issue.
- Trying to "Save and Return" on a non-multiple compound field causes an internal server error. This patch fixes the issue.
Planned Development
See EPrints 3.4.3.
