When submitting a request for a researcher, the DLL does not properly validate the proxy relationship between the user submitting the request and the selected researcher.

Bug# 11699

In TransactionValidator, there is no validation for ensuring that ActivityId and ResearcherUsername are mutually exclusive or that the user is associated with the activity.

Bug# 11562

In the default Aeon web pages, the BillingAccountsVisible param tag on PhotoduplicationRequest.html does not properly hide the BillIng Account dropdown if Billing Accounts are disabled.

Bug# 11533

If the Request Form and User Information Form are open at the same time in the Client, and the relevant user's username is changed in the User Information Form, an error will occur when switching back to the Request Form even if the User Information Form is still open.

Bug# 11403

If the Aeon Client cannot find a DBC file on startup, it will correctly display an "Error Loading Database Settings" message, but will incorrectly continue trying to connect to the database after the error message is dismissed until this process eventually times out.

Bug# 11107

Generating a new email that is not based on a template from a request form in the client incorrectly populates the email's from address with the value in the EmailFromAddress customization key instead of the site's information entered in the LocalInfo table.

Bug# 11000

When a user is added to an activity on the Activity form, a prompt asks if you would like to edit the notification being sent to the user. Clicking "No" presents the e-mail for editing the same as if "Yes" were clicked.

Bug# 10938

In Template Edit Mode, open the Customization popup window on the Form Dashboard and save changes. Attempts to close the Aeon Client from will fail as the Customization window is unable to fully close.

Bug# 10792

Transaction numbers do not get to Touchnet due to an issue with ancillaryData handling.

Bug# 10472

The "Unable to process payment at this time. Please contact library staff if this problem persists. Response signature provided from CyberSource payment provider could not be confirmed." error occurs when a user makes a payment in CyberSource but closes out before successfully navigating back to Aeon.

Bug# 9361

When scaling an item record's window down, the notes field becomes inaccessible, even when a note is present.

Bug# 10317

The ApiKeyAuthenticationMiddleware layer is invoked unnecessarily for non-secure endpoints, resulting in invalid X-AEON-API-KEY header log statements.

Bug# 10273

Once the h5 header is updated to h4, there is an empty header that breaks accessibility.

Bug# 10178

Bug# 9085

Users can submit duplicate requests through external requesting by rapidly clicking the submit button.

Bug# 4702

When adding a transaction to a bundle, Aeon is creating an entry in the History table. The Entry column is limited to 255 characters, which throws an error if the bundle has a name that exceeds the limit.

Bug# 8806

When a user submits a request, the request is created as expected after logging in. Then, if the user clicks the refresh button in their browser, a duplicate request is submitted.

If the user is already logged in and attempts to refresh after submitting the request, I get the: "This form has already been submitted. Duplicate request not created." error as expected.

Bug# 8826

For example, validating a transaction without username results in the following:
2x "username can't be empty"
1x " is not a valid username"
1x "user cannot be anonymous"

Bug# 8889

Bug# 9003

The custom search is displaying the correct, converted, time in the client; however, custom searches look for the unconverted UTC time from the database.

v5.0.3 and 4.1.0.2
Bug# 8689