Releases: slims/slims9_bulian
v9.7.2
SLiMS 9.7.2 (Bulian D Roger)
• Feature: Loan History Maintenance + menu integration.
• Upgrade: Removed loan-history triggers; replaced with direct updates; Add submenu handling in upgrade flow.
• UX: Clearer delete confirmations; defaulted withConfirm; switched form submit to blindSubmit; removed iframe submitExec.
• Assets: Added missing Colorbox CSS/JS includes.
• Reports: Improved procurement date handling (prioritize received_date) and validation.
• Circulation: Refactored member info display for clarity.
• Settings/I18n: Improved language selection; load global settings from DB.
• Access Control/Menu: Tightened checks; added widespread submenu access; refactored submenu arrays to associative keys; fixed isAdmin path matching.
v9.7.1
SLiMS v9.7.1 — Release Notes (2025-09-04)
Summary
v9.7.1 is a maintenance release focused on stability, security hardening, UX improvements, and bug fixes. This release includes enhancements to AJAX handling, CSRF token management, stronger password policy enforcement, CSV reader fixes, and SQL query hardening for reporting.
Highlights
- Improved CSRF token management with backward compatibility and more robust handling.
- Modernized AJAX updater and related functions for better validation, error handling, and UX.
- Stronger password policy enforcement for OPAC and admin/member areas.
- Fixed CSV reader variable/initialization issues and improved CSV handling.
- Hardened SQL queries in procurement reports to validate and exclude invalid dates.
- Improvements to language selection and global settings loading.
Features
- Enhance CSRF token management while maintaining backward compatibility.
- Modernize SLiMS AJAX updater functions (refactor, improved validation, async-aware loaders, better UX and error handling).
- Enhance iframe styling for bibliography management.
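The CSRF token handling mentioned in the highlights and features above, as an added example that is not SLiMS code: one token per session, compared in constant time with hash_equals(), accepted either from the legacy hidden form field or from a request header set by AJAX calls, and kept valid for one more check after rotation so forms already open in a tab still submit. The session keys, the form field name csrf_token and the header name X-CSRF-TOKEN are assumptions, not SLiMS identifiers.

```php
<?php
declare(strict_types=1);

// Added example, not SLiMS code. Session keys, field and header names are assumptions.
final class CsrfGuard
{
    private const CURRENT_KEY  = 'csrf_token';      // session key for the live token
    private const PREVIOUS_KEY = 'csrf_token_prev'; // kept so in-flight forms still pass after rotation
    private const FORM_FIELD   = 'csrf_token';      // legacy hidden form field (assumed name)
    private const HEADER_NAME  = 'X-CSRF-TOKEN';    // header sent by the AJAX path (assumed name)

    private array $session;

    /** Bind to the session array by reference (pass $_SESSION in a real request). */
    public function __construct(array &$session)
    {
        $this->session = &$session;
    }

    /** Return the session's token, generating it on first use. */
    public function token(): string
    {
        if (!isset($this->session[self::CURRENT_KEY])) {
            $this->session[self::CURRENT_KEY] = bin2hex(random_bytes(32));
        }
        return $this->session[self::CURRENT_KEY];
    }

    /** Rotate after login or privilege change; the old token survives for one more check. */
    public function rotate(): void
    {
        $this->session[self::PREVIOUS_KEY] = $this->session[self::CURRENT_KEY] ?? null;
        $this->session[self::CURRENT_KEY]  = bin2hex(random_bytes(32));
    }

    /**
     * Take the token from the legacy form field or from the AJAX header and
     * compare in constant time against the current (and, once, the previous) token.
     */
    public function validate(array $post, array $headers): bool
    {
        $submitted = $post[self::FORM_FIELD] ?? $headers[self::HEADER_NAME] ?? null;
        if (!is_string($submitted) || $submitted === '') {
            return false;
        }
        $current = $this->session[self::CURRENT_KEY] ?? '';
        if ($current !== '' && hash_equals($current, $submitted)) {
            return true;
        }
        $previous = $this->session[self::PREVIOUS_KEY] ?? '';
        if ($previous !== '' && hash_equals($previous, $submitted)) {
            unset($this->session[self::PREVIOUS_KEY]); // single use, then gone
            return true;
        }
        return false;
    }
}

// Checks against a plain array standing in for $_SESSION (constructed for the example).
$session = [];
$guard   = new CsrfGuard($session);
$token   = $guard->token();

if (!$guard->validate(['csrf_token' => $token], []))            throw new RuntimeException('form token rejected');
if (!$guard->validate([], ['X-CSRF-TOKEN' => $token]))          throw new RuntimeException('header token rejected');
if ($guard->validate(['csrf_token' => str_repeat('a', 64)], [])) throw new RuntimeException('forged token accepted');

$guard->rotate();
if (!$guard->validate(['csrf_token' => $token], [])) throw new RuntimeException('old token rejected right after rotation');
if ($guard->validate(['csrf_token' => $token], []))  throw new RuntimeException('old token accepted twice');
```

In a request handler the header value comes from $_SERVER['HTTP_X_CSRF_TOKEN'] and the form value from $_POST; the class is deliberately kept free of those globals so it can be exercised as above. Note that hash_equals() only hides timing when the two strings are the same length, which holds here because both sides are 64 hex characters.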
Bug fixes
- Corrected variable name typo in CSV Reader class and improved initialization.
- Improved backward compatibility and error handling in several AJAX functions.
- Fixed environment variable handling in AJAX error messaging.
- Fixed strong password policy application so configuration is correctly applied.
- Fixed old-password handling in librarian profile update.
- Removed legacy "forgot password" code path where applicable.
Improvements
- Improved language selection handling and load of global settings from the database.
- Strengthened isAdmin path checks to correctly detect admin routes.
- Enhanced validation logic and issue-driven fixes (see repository issues for context).
- Improved SQL query robustness in procurement reports (validate input_date, exclude invalid dates).
- UX and security tweaks: better AJAX loader management, confirmation dialogs, UCS upload/update handlers, and ES6+ improvements in frontend code.
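The procurement-report hardening described in v9.7.1 (validate input_date, exclude invalid dates) and v9.7.2 (prioritize received_date), as an added example that is not SLiMS code: the report range is validated as a real calendar date before it goes anywhere near SQL, the query is a prepared statement, received_date wins over input_date, and zero dates are treated as absent. The table name item and the column names are assumptions; the in-memory SQLite database and its rows are constructed so the example runs offline, whereas SLiMS itself runs on MySQL.

```php
<?php
declare(strict_types=1);

// Added example, not SLiMS code. Table and column names are assumptions.

/** Return the input unchanged if it is a real Y-m-d calendar date, otherwise null. */
function validReportDate(?string $value): ?string
{
    if ($value === null || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $value)) {
        return null;
    }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $value);
    // createFromFormat() silently rolls 2025-02-30 over to 2025-03-02; round-tripping catches that.
    if ($d === false || $d->format('Y-m-d') !== $value) {
        return null;
    }
    return $value;
}

/** Items procured in [$from, $to], using received_date when present and input_date otherwise. */
function procurementBetween(PDO $db, string $from, string $to): array
{
    $from = validReportDate($from);
    $to   = validReportDate($to);
    if ($from === null || $to === null || $from > $to) {
        throw new InvalidArgumentException('invalid report date range');
    }
    // NULLIF turns the zero date into NULL so COALESCE falls through to input_date;
    // rows where neither column is usable are excluded entirely.
    $sql = <<<'SQL'
        SELECT item_code, effective_date
          FROM (
                SELECT item_code,
                       COALESCE(NULLIF(received_date, '0000-00-00'),
                                NULLIF(input_date,    '0000-00-00')) AS effective_date
                  FROM item
               ) AS t
         WHERE effective_date IS NOT NULL
           AND effective_date BETWEEN :from AND :to
         ORDER BY effective_date
    SQL;
    $stmt = $db->prepare($sql);
    $stmt->execute([':from' => $from, ':to' => $to]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE item (item_code TEXT, input_date TEXT, received_date TEXT)');
$db->exec("INSERT INTO item VALUES
    ('B001', '2025-01-05', '2025-01-10'),
    ('B002', '2025-01-06', '0000-00-00'),
    ('B003', '0000-00-00', NULL),
    ('B004', '2024-12-31', NULL)");

$rows = procurementBetween($db, '2025-01-01', '2025-01-31');
if (array_column($rows, 'item_code') !== ['B002', 'B001']) {
    throw new RuntimeException('unexpected report rows');
}
if (validReportDate('2025-02-30') !== null || validReportDate("2025-01-01' OR 1=1") !== null) {
    throw new RuntimeException('invalid date accepted');
}
```

B001 is reported on its received_date, B002 falls back to input_date because its received_date is the zero date, B003 has no usable date and is dropped, and B004 lies outside the range. The date check is defence in depth: the prepared statement alone already prevents injection, but refusing malformed dates keeps garbage out of the report and out of the error log.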
v9.7.0
SLiMS 9.7 (Bulian D Roger)
Security - System security enhancements to protect data and application stability.
• Comprehensive Security Patch: Patches SQL Injection and Stored XSS vulnerabilities, and enforces stronger password policies.
• Server-Side Attack Prevention: Fixes potential Server-Side Request Forgery (SSRF) and SQL Injection vulnerabilities.
• Upload Area Security: Improves .htaccess security.
• Disables PHP5 script execution.
• Sensitive Data Protection: Prevents direct access to hidden bibliographic details from the OPAC; hides credentials on error pages.
• Cookie and Session Security: Default SecureCookie attribute for user session security.
• Other Mitigations: Stripping EXIF data from uploaded images; fixed ModSecurity issue.
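The cookie and session item above, as an added example that is not SLiMS code: Secure, HttpOnly and SameSite attributes set before session_start(), strict session ID mode so an ID the server never issued is rejected, and HTTPS detection that only believes X-Forwarded-Proto when the request arrives from a known reverse proxy (the proxy address 10.0.0.5 is an assumption). Dropping the Secure flag on plain HTTP is a deliberate convenience for development instances; a production deployment should always be reached over HTTPS.

```php
<?php
declare(strict_types=1);

// Added example, not SLiMS code. The trusted proxy address is an assumption.
const TRUSTED_PROXIES = ['10.0.0.5'];

/** True when the client connection is HTTPS, including behind a TLS-terminating proxy. */
function requestIsHttps(array $server): bool
{
    if (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') {
        return true;
    }
    // X-Forwarded-Proto is client-controlled unless a trusted proxy rewrote it.
    $viaTrustedProxy = in_array($server['REMOTE_ADDR'] ?? '', TRUSTED_PROXIES, true);
    return $viaTrustedProxy
        && strtolower((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? '')) === 'https';
}

/** Cookie attributes for session_set_cookie_params(); Secure is dropped only on plain HTTP. */
function sessionCookieParams(bool $https): array
{
    return [
        'lifetime' => 0,       // browser session cookie, not persisted to disk
        'path'     => '/',
        'domain'   => '',
        'secure'   => $https,  // never sent over cleartext
        'httponly' => true,    // invisible to document.cookie, so XSS cannot read it
        'samesite' => 'Lax',   // blocks most cross-site POSTs; the CSRF token covers the rest
    ];
}

/** Call once at the top of every request, before any output. */
function bootSession(array $server): void
{
    ini_set('session.use_strict_mode', '1');   // reject session IDs the server never issued
    ini_set('session.use_only_cookies', '1');  // never accept a session ID from the URL
    session_set_cookie_params(sessionCookieParams(requestIsHttps($server)));
    session_start();
}

// Checks on the pure functions with constructed $_SERVER arrays; bootSession() is for real requests.
if (!requestIsHttps(['HTTPS' => 'on'])) {
    throw new RuntimeException('direct HTTPS not detected');
}
if (requestIsHttps(['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'])) {
    throw new RuntimeException('spoofed X-Forwarded-Proto accepted');
}
if (!requestIsHttps(['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'https'])) {
    throw new RuntimeException('trusted proxy header ignored');
}
if (sessionCookieParams(true)['secure'] !== true || sessionCookieParams(true)['httponly'] !== true) {
    throw new RuntimeException('cookie flags missing');
}
```

The proxy check also matters for the "incorrect URLs when running behind a web proxy" fix listed under System and Configuration: an application that trusts X-Forwarded-Proto from any source can be talked into emitting Secure-less cookies or http:// links by a client that simply sends the header itself.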
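The upload area and EXIF items above, as an added example that is not SLiMS code: the real MIME type is sniffed from the bytes rather than taken from the browser, the image is decoded and re-encoded through GD (which discards EXIF, IPTC and XMP segments, including anything hidden in them), and the result is written under a random name with a fixed extension so no user-controlled text reaches the filesystem path. The upload directory, size limit and allowed types are assumptions. Re-encoding complements rather than replaces the .htaccess that denies script execution in the upload directory: the latter is what protects you if a future bug lets a non-image through.

```php
<?php
declare(strict_types=1);

// Added example, not SLiMS code. Directory, size limit and allowed types are assumptions.
define('UPLOAD_DIR', sys_get_temp_dir() . '/upload-example');
const MAX_BYTES    = 2 * 1024 * 1024;
const ALLOWED_MIME = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

/** Store an uploaded image safely and return the generated filename. */
function storeImageUpload(string $tmpPath): string
{
    if (!is_file($tmpPath) || filesize($tmpPath) > MAX_BYTES) {
        throw new RuntimeException('missing or oversized upload');
    }
    // Trust the bytes, not $_FILES['type'] or the client-supplied filename.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!isset(ALLOWED_MIME[$mime])) {
        throw new RuntimeException('unsupported image type: ' . $mime);
    }
    $img = @imagecreatefromstring((string) file_get_contents($tmpPath));
    if ($img === false) {
        throw new RuntimeException('file is not a decodable image');
    }
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('cannot create upload directory');
    }
    // Random name, fixed extension: nothing from the client ends up in the path.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_MIME[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    // Re-encoding writes only pixel data; every metadata segment of the original is gone.
    $ok = $mime === 'image/png' ? imagepng($img, $dest) : imagejpeg($img, $dest, 85);
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('re-encode failed');
    }
    return $name;
}

// Constructed input: a 2x2 JPEG from GD with a hand-built APP1 "Exif" segment
// (one IFD entry, tag 0x0131 Software = "abc") spliced in right after the SOI marker.
$canvas = imagecreatetruecolor(2, 2);
ob_start();
imagejpeg($canvas);
$plain = (string) ob_get_clean();
imagedestroy($canvas);
$tiff = "II*\0" . pack('V', 8) . pack('v', 1)
      . pack('vvV', 0x0131, 2, 4) . "abc\0" . pack('V', 0);
$app1 = "Exif\0\0" . $tiff;
$withExif = substr($plain, 0, 2) . "\xFF\xE1" . pack('n', strlen($app1) + 2) . $app1 . substr($plain, 2);

$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, $withExif);
$stored = storeImageUpload($tmp);
$out    = (string) file_get_contents(UPLOAD_DIR . '/' . $stored);
if (strpos($withExif, 'Exif') === false || strpos($out, 'Exif') !== false) {
    throw new RuntimeException('EXIF segment was not stripped');
}
if (!preg_match('/^[0-9a-f]{32}\.jpg$/', $stored)) {
    throw new RuntimeException('unexpected stored name');
}
unlink($tmp);
unlink(UPLOAD_DIR . '/' . $stored);
```

GD will also refuse polyglot files that are not decodable images, which is why the decode step doubles as validation. Re-encoding does cost quality for JPEG input; if lossless storage matters, a metadata-aware library that rewrites only the marker segments is the alternative, at the price of more parsing code in the trust boundary.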
Feature Enhancements & Changes
• Customization and Extensibility: Added Custom Fields for Items; Expanded plugin ecosystem with the ability to load third-party languages; register new menus, and support for plugin modules.
• Added new hooks to the system: login process, OAI, and deeper system customization configuration.
• Support for custom OPAC templates.
• Database and Data Management: Implemented the ability to connect to multiple databases simultaneously, added a file migration feature to another server, and configured the Copy Cataloging feature.
• Development Environment: Docker support.
• User Interface and Experience (UI/UX): Implemented a "Debug Box" to display debug information in a more structured manner, improved AJAX dropdown performance, and added a progress button for the data import process.
Bug Fixes
• Data Import: Fixed various issues during the import process of bibliographic data (including MARC format) and membership, and fixed a bug where the import preview did not match the selected column separator.
• Application Stability: Fixed "undefined variable," "undefined key," or "undefined offset" errors in various modules.
• Data Management: Addressed issues with author and subject orphaned data deletion, the deletion process in the GMD module, the visit space, and backup files.
• Module Functionality: Improved LDAP authentication functionality, resolved barcode label plugin compatibility, and improved filtering and updating borrowing history table.
• System and Configuration: Fixed errors for large file upload, addressed incorrect URLs when running behind a web proxy, and resolved schema and multi-instance connection issues in PDO.
Other
• Dependency Updates: Updated external libraries such as gettext, PHPSpreadsheet, league/flysystem, and symfony/var-dumper.
• Refactoring and Code Quality Improvements: Refactored the registerAutoload strategy and form handling with the FormAjax class.
• Documentation: Added and updated documentation for the Polyglot feature, Actions, and Docker commands.
v9.6.1
Add : CSP Manager
Add : Clickable label element at input radio and checkbox
Add : CSV Import Sample for Biblio, Item, & Member data
Fixed : CJK (Chinese, Japanese, and Korean) character in E-Mail content
Fixed : Bug in stock opname resync
Fixed : MARC SRU Perpusnas RI
Fixed : SSRF & LFI vulnerabilities
Fixed : re-run session
Fixed : Mismatched column type in mst_visitor_room
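The SSRF fixes listed here and in v9.7.0 concern code paths where the server fetches a URL on the user's behalf. As an added example that is not SLiMS code, this is the validation a practitioner would put in front of such a fetch: an allowlist of schemes and ports, no credentials in the URL, and a check of every address the host resolves to so that a DNS name pointing at loopback, a private range or the cloud metadata address is rejected just like a literal IP. The allowed schemes and ports are assumptions; the fake resolver and hostnames are constructed so the checks run offline.

```php
<?php
declare(strict_types=1);

// Added example, not SLiMS code. Allowed schemes and ports are assumptions.

/**
 * Validate a user-supplied URL before the server fetches it. Returns host, port and
 * the first resolved IP so the caller can pin the connection to the address that was
 * checked (closing the DNS-rebinding window between check and connect). Throws otherwise.
 */
function safeFetchTarget(string $url, ?callable $resolver = null): array
{
    $resolver ??= static fn(string $host): array => gethostbynamel($host) ?: [];

    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        throw new InvalidArgumentException('malformed URL');
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException('scheme not allowed'); // no file://, gopher://, php://
    }
    if (isset($p['user']) || isset($p['pass'])) {
        throw new InvalidArgumentException('credentials in URL not allowed');
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    if (!in_array($port, [80, 443], true)) {
        throw new InvalidArgumentException('port not allowed');
    }
    $host = strtolower(trim($p['host'], '[]')); // parse_url keeps brackets on IPv6 literals
    // A literal IP is checked directly; a hostname is resolved and every answer checked.
    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : $resolver($host);
    if ($ips === []) {
        throw new InvalidArgumentException('host does not resolve');
    }
    foreach ($ips as $ip) {
        $public = filter_var($ip, FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
        if ($public === false) {
            throw new InvalidArgumentException("host resolves to non-public address $ip");
        }
    }
    return ['host' => $host, 'ip' => $ips[0], 'port' => $port];
}

/** Build a curl handle pinned to the validated address; redirects are not followed. */
function pinnedCurlHandle(string $url, array $target): CurlHandle
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RESOLVE        => ["{$target['host']}:{$target['port']}:{$target['ip']}"],
        CURLOPT_FOLLOWLOCATION => false, // a redirect to an internal URL would bypass the check
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_RETURNTRANSFER => true,
    ]);
    return $ch;
}

// Constructed resolver so the checks run offline; metadata.internal models a DNS name
// that points inside the network even though the URL looks harmless.
$fakeDns = static fn(string $h): array => match ($h) {
    'example.org'       => ['93.184.216.34'],
    'metadata.internal' => ['169.254.169.254'],
    default             => [],
};

$ok = safeFetchTarget('https://example.org/cover.jpg', $fakeDns);
if ($ok['ip'] !== '93.184.216.34' || $ok['port'] !== 443) {
    throw new RuntimeException('public target rejected');
}
$bad = [
    'http://127.0.0.1:8080/',        // loopback and a disallowed port
    'file:///etc/passwd',            // no host, scheme not allowed
    'http://metadata.internal/',     // resolves to the link-local metadata address
    'http://[::1]/',                 // IPv6 loopback literal
    'http://10.0.0.3/',              // private range
    'http://user:pw@example.org/',   // credentials in URL
];
foreach ($bad as $url) {
    try {
        safeFetchTarget($url, $fakeDns);
        throw new RuntimeException("accepted $url");
    } catch (InvalidArgumentException $e) {
        // rejected as intended
    }
}
```

Two caveats a review of any SSRF fix should cover: the resolution check has to happen for every hop, so redirects are either disabled (as above) or re-validated per hop, and the connection must actually go to the address that was checked, which is what CURLOPT_RESOLVE enforces. The LFI fix listed alongside is a different problem (user input reaching include or file paths) and needs its own allowlist of permitted files rather than URL validation.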
v9.6.0
Added : CSV import preview
Added : Due date warning email notification
Added : Storage library
Added : Console feature
Added : 2FA at admin login page
Added : Configuration for multiple databases
Added : Room location visitor counter
Added : Captcha configuration user interface
Added : Backup database notification
Added : PHP 8 for minimum requirement
Fixed : Zero existing items for stock opname report
Fixed : Compatibility with MySQL 8
Fixed : Loan by classification reporting query
Fixed : OAIPMH for GetRecord
v9.5.2
v9.5.1
v9.5.0
- Added : Improved compatibility with PHP8.x
- Added : Popup visitor report by day
- Added : Fines value in overdue list
- Added : Password field for encrypted attachment
- Added : Time zone switcher
- Added : Currency switcher
- Added : Default comment management
- Added : Report feature for the Read Counter plugin
- Added : Use filter in default search engine
- Added : Security updates based on OWASP ZAP
- Added : Disable slide in OPAC
- Updated : Check uncommon keywords to prevent SQL injection
- Updated : Server for quote in Visitor Counter page
- Updated : Improve mail configuration
- Updated : CKEditor with CKEditor 5
- Fixed : Unable to import biblio data on first header
- Fixed : Image path for Minigalnano
- Fixed : Ignore holiday fines calculation
- Fixed : Non-admin users unable to download backup file result
- Fixed : Holiday setting when empty
- Fixed : Query when import biblio data header
- Fixed : Unrelated fields after importing item data from CSV
- Fixed : MARC export search
- Fixed : Prevent hidden biblio records from showing on the home page
v9.4.2
- Added : More method to see attachment
- Added : Show detail for fines from Fines Report submenu
- Added : Method to select group functions
- Fixed : Stock take report detail
- Fixed : RSS feed
- Fixed : Forbidden image thumbnail when ModSecurity is on
- Update : Deactivate email debugger
- Update : Stronger prevention of deleting data that still has relations