When submitting a request for a researcher, the DLL does not properly validate the proxy relationship between the user submitting the request and the selected researcher.
Bug# 116990 votes
In TransactionValidator, there is no validation for ensuring that ActivityId and ResearcherUsername are mutually exclusive or that the user is associated with the activity.
Bug# 115620 votes
In the default Aeon web pages, the BillingAccountsVisible param tag on PhotoduplicationRequest.html does not properly hide the BillIng Account dropdown if Billing Accounts are disabled.
Bug# 115330 votes
Changing a user's username in the User Information Form causes an error if a Request Form is also open
If the Request Form and User Information Form are open at the same time in the Client, and the relevant user's username is changed in the User Information Form, an error will occur when switching back to the Request Form even if the User Information Form is still open.
Bug# 114030 votes
If the Aeon Client cannot find a DBC file on startup, it will correctly display an "Error Loading Database Settings" message, but will incorrectly continue trying to connect to the database after the error message is dismissed until this process eventually times out.
Bug# 111070 votes
Clicking "No" when prompted to edit activity notification e-mail still presents the e-mail for editing
When a user is added to an activity on the Activity form, a prompt asks if you would like to edit the notification being sent to the user. Clicking "No" presents the e-mail for editing the same as if "Yes" were clicked.
Bug# 109380 votes
In Template Edit Mode, open the Customization popup window on the Form Dashboard and save changes. Attempts to close the Aeon Client from will fail as the Customization window is unable to fully close.
Bug# 107920 votes
The "Unable to process payment at this time. Please contact library staff if this problem persists. Response signature provided from CyberSource payment provider could not be confirmed." error occurs when a user makes a payment in CyberSource but closes out before successfully navigating back to Aeon.
Bug# 93610 votes
When scaling an item record's window down, the notes field becomes inaccessible, even when a note is present.
Bug# 103170 votes
The ApiKeyAuthenticationMiddleware layer is invoked unnecessarily for non-secure endpoints, resulting in invalid X-AEON-API-KEY header log statements.
Bug# 102730 votes
For example, validating a transaction without username results in the following:
2x "username can't be empty"
1x " is not a valid username"
1x "user cannot be anonymous"
Bug# 88890 votes
When creating a user with an expired password and resetting their password via an email reset link, the user will immediately be presented with another password change form (because their previous password was expired).
Bug# 86870 votes
When submitting a new request through the web and manually typing in the date, the date will be accepted regardless of if it is a blackout date. The blackout date will be unavailable if you attempt to select it from the calendar.
Workaround: Disable the manual entry to the date field by adding the below code to the scheduled_date.js:
// Disable manual entry for date
Bug# 83640 votes
When submitting a Get Barcode request to the Aeon API with the ActiveOnly parameter set to True will prompt an error.
Bug# 83080 votes
A second class attribute was added for action items in the data row template. The contextual classes (e.g, menuClone) should be included in the earlier class definitions.
<a class="dropdown-item btn btn-light <#DATAROW field="RequestActionAllowed" name="Clone" disabledValue="d-none">" href="aeon.dll?Action=11&Form=32&Value=<#DATAROW field="TransactionNumber">" class="menuClone"><span aria-hidden="true" class="fas fa-copy text-primary"></span> Clone Request</a>
Bug# 78690 votes
Not all Date/Time fields are coded with the ISO8601 date.
Bug# 77100 votes
Security scans may ping the following old commented out jQuery in the web pages that needs to be removed:
<!-- jQuery first, then Popper.js, then Bootstrap JS -->
<!--<script src="https://code.jquery.com/jquery-3.4.1.slim.min.js" integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n"
Bug# 75730 votes
The DLL is using the same code for both the MainMenu.html and ViewRequestHistory.html tables and just uses an attribute to determine which table is show.
Bug# 12310 votes