Difference between revisions of "EPrints 3.4.2"

From EPrints Documentation
m
(Added security fix for Apache 2.4 remote_ip call bug.)
Line 40: Line 40:
 
* Blocks JavaScript in uploaded HTML documents from potentially performing malicious actions as the logged in user.
 
* Blocks JavaScript in uploaded HTML documents from potentially performing malicious actions as the logged in user.
 
* Restricts get_tables call for database to those in the current repository.
 
* Restricts get_tables call for database to those in the current repository.
 +
* Evaluates user-defined "can_request_view_document" to ensure errors to not lead to unauthorised access to documents and adds notifications for system administrators in webserver logs and epadmin test. (Mainly to handle Apache 2.4 causing error when calling $r->connection->remote_ip).
  
 
==== General Improvements ====
 
==== General Improvements ====
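Review bot: The added bullet reads "to ensure errors to not lead to unauthorised access"; "to not" should be "do not". The bullet also says only that the user-defined "can_request_view_document" is evaluated, without stating what result an erroring check now produces. Since the point of the fix is that errors must not grant access, consider saying explicitly that access is denied on error, and keep the Apache 2.4 remote_ip cause as a separate sentence.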

Revision as of 01:29, 11 July 2020

This page contains information about the EPrints v3.4.2 release.

EPrints 3.4.2 is now available on GitHub.

  • Zero codename: Blueberry Muffin Derecho
  • Publication flavour codename: Pecan Pie Huaico

Release Notes

New Dependencies

Dependencies can be installed as RPMs (yum install PACKAGE), DEBs (apt-get install PACKAGE) or CPAN (cpan MODULE). Perl's Text::Unidecode module is now needed to better order browse views.

  • Perl Text::Unidecode module
    • RPM: perl-Text-Unidecode
    • DEB: libtext-unidecode-perl
    • CPAN: Text::Unidecode

Also see new dependencies for EPrints 3.4.1 if you are upgrading from 3.4.0 or earlier.

Changes Since 3.4.1

New Functionality

  • Capability for enabling caching of citations to improve page load times, particularly browse views.
  • Provides HTTP PATCH functionality to support incremental metadata changes. (Particularly useful for Symplectic Repository Tools 2 integration).
  • Provides facility to define custom handlers for integration with third party applications.
  • New DOI import plugin using UNIXREF that provides a richer source of metadata.
  • Allows access records to be saved and processed from disk rather than a database table (requires manual enabling / still experimental).
  • Supports embedded HTML5 video blocks including subtitles.
  • New MetaField for case insensitive IDs, useful for usernames and email addresses.
  • New MetaField for keywords. Backwards compatible with text and longtext fields but more accurate at matching individual potentially multiple word keywords.
  • New MetaField that provides word count addition to long text fields (requires jQuery to be installed in archive's javascript/auto/ directory)
  • Allows certain countries not to have to provide a successful ReCAPTCHA for requests (e.g. in China ReCAPTCHA is blocked).
  • Render function to allow publications with long lists of creators/editors to be neatly truncated.
  • Script for generating XML sitemaps for use with tools like Google Search Console

Security Improvements

  • Prevention of offsite redirects after login.
  • Logs out all sessions on password change.
  • Rate limits number of password reset emails that can be sent.
  • Ensures document full texts are reindexed so that they are added to or removed from the index depending on changes to document security.
  • Blocks JavaScript in uploaded HTML documents from potentially performing malicious actions as the logged in user.
  • Restricts get_tables call for database to those in the current repository.
  • Evaluates user-defined "can_request_view_document" to ensure errors do not lead to unauthorised access to documents and adds notifications for system administrators in webserver logs and epadmin test. (Mainly to handle Apache 2.4 causing an error when calling $r->connection->remote_ip).
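
The fail-closed evaluation described in the last item, shown in Perl as an added example (not EPrints' own code). The mock classes, the `( $doc, $r )` signature, the ALLOW/DENY/USER return strings and the helper `evaluate_view_check` are assumptions made for illustration; `client_ip` is the accessor that replaced `remote_ip` on the Apache 2.4 connection object.

```perl
use strict;
use warnings;

# Constructed stand-ins for an Apache 2.4 request: the connection object
# has client_ip but no remote_ip, so calling remote_ip dies at run time.
package MockConnection24;
sub new { my( $class, $ip ) = @_; return bless { ip => $ip }, $class }
sub client_ip { return $_[0]->{ip} }
package MockRequest;
sub new { my( $class, $conn ) = @_; return bless { conn => $conn }, $class }
sub connection { return $_[0]->{conn} }
package main;

# Hypothetical user-defined check written for Apache 2.2. The signature
# and the ALLOW/USER return strings are assumptions for this example.
my $legacy_check = sub {
    my( $doc, $r ) = @_;
    my $ip = $r->connection->remote_ip;        # no such method on 2.4
    return $ip =~ /^10\./ ? "ALLOW" : "USER";  # 10.x range is constructed
};

# The same check, using whichever accessor the connection object offers.
my $portable_check = sub {
    my( $doc, $r ) = @_;
    my $c = $r->connection;
    my $ip = $c->can( "client_ip" ) ? $c->client_ip : $c->remote_ip;
    return $ip =~ /^10\./ ? "ALLOW" : "USER";
};

# Fail-closed wrapper (hypothetical helper): an exception or an
# unrecognised return value is logged and treated as a denial.
sub evaluate_view_check {
    my( $check, $doc, $r ) = @_;
    my $rc;
    my $ok = eval { $rc = $check->( $doc, $r ); 1 };
    if( !$ok ) {
        warn "can_request_view_document failed, denying access: " . ( $@ || "unknown error\n" );
        return "DENY";
    }
    return "DENY" unless defined $rc && $rc =~ /\A(?:ALLOW|DENY|USER)\z/;
    return $rc;
}

my $r = MockRequest->new( MockConnection24->new( "10.0.0.5" ) );
print "legacy:   ", evaluate_view_check( $legacy_check, undef, $r ), "\n";
print "portable: ", evaluate_view_check( $portable_check, undef, $r ), "\n";
```

The warning goes to STDERR, which under mod_perl ends up in the webserver error log, so a broken check is visible to administrators rather than silently changing who can read a document.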

General Improvements

  • Improves accessibility of EPrints user interfaces.
  • Allows subject line of RequestCopy emails to be customised by the user (in case item being requested has no title set).
  • Better parsing of BibTeX for import.
  • Better error and warning colours for command-line tools.
  • Better formatting of person name strings.
  • Allows server-wide specification of EPrints flavour (rather than just archive level).
  • New functions for ordering various types of MetaField or for sanitising ordering, ensuring (person) names are consistently ordered.
  • Enables multi-lingual support for templates, tooltips and workflow headings.
  • Removes any remaining use of full URLs within default template and static pages that can cause a multitude of issues including http/https interoperability.
  • Comprehensive review and addition of missing phrases.
  • Allows "epadmin create" to allow an organisation name to be set as a phrase.
  • Improves compound multiple field table rendering to not display lots of UNSPECIFIED if a column has no row with a value set.
  • Better support for read-only MetaFields.
  • Provides EPrints Script test for whether one string contains another.
  • Provides checking for individual user roles within a workflow.
  • Allows data objects other than EPrint to have revision histories.
  • Improves Xapian indexing checking.
  • Additions to index tokenizer mappings.
  • Removes Text::Unidecode Perl module as this is better provided by Linux package repositories.
  • Allows user-defined sort functions for browse views.
  • Adds user-definable get_item method for ItemRef MetaFields so fromform method can be used with this type of field.
  • Adds user-definable render_item function for ItemRef MetaFields so ItemRef fields can be usefully rendered in browse views.
  • Adds classes for option list HTML elements to make it easier to apply CSS styles.
  • Adds HTTPS support for SWORD deposit client.
  • Generally reduces the use of full URL (with protocol) when absolute/relative path would be more appropriate.
  • Makes "Remove Item (with notification)" appear on actions bar when item is in live archive to make it consistent with "Remove Item".

Bug fixes

  • Fixes typo affecting position of Review page's move to archive button.
  • Fixes error that broke JavaScript for expanding dl tree elements.
  • Fixes broken epm command line tool.
  • Fixes bug with feeds for latest_tool page
  • Fixes bug causing update_triples event queue tasks to fail.
  • Fixes bug with 404 error when attempting to access RequestCopy page.
  • Fixes some general encoding issues in export plugins.
  • Fixes bug to again allow "epadmin test" to be run without an archive specified.
  • Fixes bug with warning of missing brief citation for event queue.
  • Fixes issue with MySQL no longer allowing creation of a MySQL user on granting of privileges.
  • Allow DOI to be Endnote exported for any publication type.
  • Fixes bugs with HTTPS everywhere configuration breaking some URLs in OAI-PMH and elsewhere.
  • Fixes substring out of bounds error when there is no icon URL for a document.
  • Fixes hard-coding of entry UID for History iCal export.
  • Fixes lack of link for non-specified year items in year browse view menu.
  • Fixes issue with use of EPrints::Sword::Utils.
  • Fixes check for whether a browse view is a list based on prefix of view's ID.
  • Various fixes to image and video conversion through changes to convert and ffmpeg parameters.
  • Fixes duplicate event queue tasks being created by resetting to waiting instead.
  • Fixes issues accessing Bazaar behind an HTTP proxy.
  • Removes hard-coding of EPrints filesystem path where possible.
  • Removes hard-coding of site_lib in EPrints include path and all other references.
  • Removes TeX::Encode::BibTeX and TeX::Encode::charmap Perl sub-modules as these come as part of TeX::Encode that should already be installed as a dependency (since EPrints 3.4.1).
  • Fixes case-sensitivity on document type guessing when file extension is in upper case.
  • Fixes fuzzy matching on browse view causing generate_views to generate more views than expected.
  • Fixes typo for epm sources configuration option.
  • Better parse pageranges that include page numbers with hyphens.
  • Fixes typo in index tokenizer's apply_mapping function.
  • Fixes issues with Storage Manager when CSRF protection is enabled.
  • Fixes broken add and edit phrase functionality when CSRF protection is enabled.
  • Fixes "insecure connection" bug when exporting from Actions tab.
  • Adds most basic default workflow for files to fix viewing of files through Manage records.
  • Tidies up robots.txt generation.
  • Fixes broken documentation link on newly created repository homepages.
  • Removes missing browse views menu links on zero template.
  • Fixes OpenDOAR policy tools link.

Planned Development

See EPrints 3.4.3.