Difference between revisions of "EPrints 3.4.7"

This page contains information about the EPrints v3.4.7 tag and release on GitHub.

Release Notes

EPrints 3.4.7 is now available on GitHub.

• Zero codename: Granita Gregale
• Publications flavour codename: Tiramisu Tramontane

New Dependencies

Check earlier dependencies for EPrints 3.4.6 and before.

Upgrade Considerations

• If you are upgrading from an earlier version of EPrints 3.4.x and have the the metatags ingredient enabled, as well as disabling this by removing it from your flavour's inc file, if your archive has its own cfg/cfg.d/eprint_render.pl file, you will need to make sure that the following lines are added to it after similar lines for Export::Simple and Export::DC:

$links->appendChild( $repository->plugin( "Export::HighwirePress" )->dataobj_to_html_header( $eprint ) );
$links->appendChild( $repository->plugin( "Export::Prism" )->dataobj_to_html_header( $eprint ) );

Changes Since 3.4.6

New Functionality

• Adds check_config optioion to tools/epm allowing configuration files (under cfg/) to be compared between the EPM and the archive and potentially copied to the latter if the file is not already present.
• Allows bin/epadmin to logout all users (possibly with 1 or more exclusions)
• Implements missing triggers EP_TRIGGER_BEGIN and EP_TRIGGER_END
• Allows browse view variation ordering by number
• Adds citation cache management script
• Allows static pages to be put behind login (with exceptions)
• Allows custom sort to be applied at a browse menu level
• Adds Highwire Press and PRISM meta tags to head of abstract pages as favoured by Google Scholar

Security and Privacy Improvements

• Fixes vulnerability in PrototypeJS
  • Severity: Low | By default EPrints does not make use of PrototypeJS in a way that actively exposes CVE-2020-27511. EPrints only allows an administrator to modify the JavaScript EPrints serves, such that the vulnerability could be exposed.
• Uses different identifier for recalling search result caches so it cannot be guessed
  • Severity: Low | Change is only intended to partially mitigate certain excessive search queries, which can sometimes be processor intensive.
• Ups to latest versions of jQuery and JQuery UI available in jquery ingredient
  • Severity: Low | jquery ingredient is not enabled by default. Minor upgrade of JQuery libraries is mainly to ensure versions do not fall too far behind the latest, as they may be needed to provide a repository's branding imported from another website.

General Improvements

• Tidies up comments under lib/cfg.d/security.pl to only refer to EPrints::Repository->ip function for getting the IP address of the request
• Update Recaptcha3 to work with non-request workflows e.g. registration
• Improves EPrints::Repository->remote_ip to disregard invalid IP addresses in X-Forwarded-For
• Makes document thumbnails use long URL format
• Removes no longer supported cgi/paracite script
• Improve restrict_paths by only allowing some IP rather than just disallowing others
• Various improvements to citation caching
• Partially addresses spurious use of X-Forwarded-For header to pollute stats
• Prevents 'Manage Deposits' taking a long time to load with a lot of items
• Removes references to secure.xml template and secure_auto.js
• Adds place as a related_url type
• Tides up use of get_citaiton_id in search screens
• Allows any item that has ever been in the live archive to be retired
• Allows EPrints::Document search_related to be ordered and limited to reduce number of cache tables generated
• Allows placeholder to be optionally displayed for un-named subjects in browse views
• Supports disabling of auto re-searching of cache ID for search has expired
• Supports plugins exporting as attachment rather that in-browser
• Adds 'export_file_as_attachment' option to force exports to be downloaded
• Add view option to suppress 'feeds'

Bug Fixes

• Fixes generate_apacheconf has issues if archive missing cfg/static/javascript/auto/
• Fixes Boolean field has inconsistent phrase names
• Fixes tools/epm's link_lib and unlink_lib command so they only remove files referenced in the EPM directory's .epm / .epmi file
• Fixes UX/Accessibility issue with Import plugin actions
• Fixes History records not retaining formatting of email reasons
• Fixes disabling an EPM removes database tables and fields (and counters) it added to an archive
• Better handles EPrint::MetaField->ordervalue_single returning undefined
• Fixes long values in initial dataobj creation leading to empty rows in their database tables
• Updates URLs for GPL/GPL licences to point at GNU rather than Creative Commons website
• Fixes typos is template Accessibility report
• Fixes EPrint::MetaField::Multipart->ordervalues_basic does not forward all parameters
• Fixes Applying subtitle to book_title for book chapter items
• Aligns basic-auth in Sword and Auth modules so passwords can contain non-word characters
• Fixes Increment of data-row-cell-index for compound field header rows
• Fixes citation caching: non-linked cached citations
• Fixes before commit trigger changes not appearing in revision files
• Fixes EPrints::Plugin::Search::Xapian->_get_records cannot handle 0 results
• Fixes issues with ReCAPTCHAv3 form being able to submit
• Fixes login_required_for_X functionality not be able to redirect user to a specific page after login
• Fixes aspect ratio for video thumbnails if rotation matrix used
• Only crypt passwords that only contain printable ASCII
• Prevents other sub-field default occasionally be using for another compound field sub-field
• Fixes lightbox popup preview of a video
• Fixes Subobject to_sax causes 500 error if there are multiple and subobject is null
• Sets more sensible maxlength default for MetaFields that are SQL_CLOB to avoid truncation
• Ensures depositable should be TRUE not 1 on initial subject creation through Edit::Subject
• Fixes HTML citation export fails if export citation style for eprint exists
• Ensures output from get_custom_view_header user-defined function can appear before or after the browse view navigation bar
• Removes no longer support use encoding... from random data generator
• Makes 'Move' positions unique
• Retains attribute order in build_attributes
• Fixes Horizontal scrollbar when zoomed to 400%
• Fixes default values for search get re-enabled if field left empty
• Fixes broken aria reference if help phrase exists, but help isn't shown
• Adds cgi/register to accessibility check
• Fixes logic support complex page ranges (e.g. A-2-B-4)
• Removes rev_number from eprints in test import data to prevent missing revisions when imported.
• Fixes issues when splitting complex page ranges originally implemented for 3.4.2
• Fixes historic cache param causing excessive new cache tables
• Removes eprint rev_number from test data this cause odd behaviour when importing
• Prevents double presses on search buttons sending multiple requests

Known Issues

Session Initialisation and Close Bespoke Configuration

EPrints 3.4.7 replaces $c->{session_init} and $c->{session_close} configuration in lib/cfg.d/session.pl with EP_TRIGGER_BEGIN and EP_TRIGGER_END triggers. Although uncommon, if you have modified session_init in a later configuration file than session.pl and your session_init function requires the EPrints::Repository's offline parameter then will not be sent to the function. Similarly, if you have modified the session_close function and this requires and EPrints::Repository object as a parameter, this will not be sent. These can be fixed with this patch.

Further Planned Features and Improvements

See 3.4.8 milestone on GitHub for more details.