SLiMS 9.7.1
8 September 2025
SLiMS version 9.7.1 is now available (major release).
Upgrading to SLiMS 9.7.1
SLiMS 9.7.1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply SLiMS updates as new versions are released, or use Installatron's Clone feature to duplicate an existing SLiMS install to test the 9.7.1 upgrade prior to applying it live.
What's New in SLiMS 9.7.1
9.7.1
Bug Fixes and Changes
- Improved language selection handling and loading of global settings from the database.
- Improved CSRF token management with backward compatibility and more robust handling.
- Modernized AJAX updater and related functions for better validation, error handling, and UX.
- Stronger password policy enforcement for OPAC and admin/member areas.
- Fixed CSV reader variable/initialization issues and improved CSV handling.
- Hardened SQL queries in procurement reports to validate and exclude invalid dates.
- Improvements to language selection and global settings loading.
9.7.0
Summary
- Security - System security enhancements to protect data and application stability.
- Comprehensive Security Patch: Patches SQL Injection and Stored XSS vulnerabilities, and enforces stronger password policies.
- Server-Side Attack Prevention: Fixes potential Server-Side Request Forgery (SSRF) and SQL Injection vulnerabilities.
- Upload Area Security: Improves .htaccess security.
- Disables PHP5 script execution.
- Sensitive Data Protection: Prevents direct access to hidden bibliographic details from the OPAC; hides credentials on error pages.
- Cookie and Session Security: Default SecureCookie attribute for user session security.
- Other Mitigations: Stripping EXIF data from uploaded images; fixed ModSecurity issue.
Feature Enhancements & Changes
- Customization and Extensibility: Added Custom Fields for Items; expanded the plugin ecosystem with the ability to load third-party languages, register new menus, and support plugin modules.
- Added new hooks to the system: login process, OAI, and deeper system customization configuration.
- Support for custom OPAC templates.
- Database and Data Management: Implemented the ability to connect to multiple databases simultaneously, added a file migration feature to another server, and configured the Copy Cataloging feature.
- Development Environment: Docker support.
- User Interface and Experience (UI/UX): Implemented a "Debug Box" to display debug information in a more structured manner, improved AJAX dropdown performance, and added a progress button for the data import process.
Bug Fixes
- Data Import: Fixed various issues during the import process of bibliographic data (including MARC format) and membership, and fixed a bug where the import preview did not match the selected column separator.
- Application Stability: Fixed "undefined variable," "undefined key," or "undefined offset" errors in various modules.
- Data Management: Addressed issues with author and subject orphaned data deletion, the deletion process in the GMD module, the visit space, and backup files.
- Module Functionality: Improved LDAP authentication functionality, resolved barcode label plugin compatibility, and improved filtering and updating of the borrowing history table.
- System and Configuration: Fixed errors for large file upload, addressed incorrect URLs when running behind a web proxy, and resolved schema and multi-instance connection issues in PDO.
Other
- Dependency Updates: Updated external libraries such as gettext, PHPSpreadsheet, league/flysystem, and symfony/var-dumper.
- Refactoring and Code Quality Improvements: Refactored the registerAutoload strategy and form handling with the FormAjax class.
- Documentation: Added and updated documentation for the Polyglot feature, Actions, and Docker commands.
9.6.1
New Features
- CSP Manager
- CSV import sample
- Clickable label element at input radio and checkbox
- CSV Import Sample for Biblio, Item, & Member data
Bug Fixes
- CJK (Chinese, Japanese, and Korean) character in E-Mail content
- Bug in stock opname resync
- MARC SRU Perpusnas RI
- SSRF & LFI vulnerability
- re-run session
- Mismatched column type at mst_visitor_room
9.6.0
New Features
- CSV import preview
- Due date warning email notification
- Storage library
- Console feature
- 2FA at admin login page
- Configuration for multiple databases
- Room location visitor counter
- Captcha configuration user interface
- Backup database notification
- PHP 8 as the minimum requirement
Bug Fixes
- Zero existing items for stock opname report
- Compatibility with MySQL 8
- Loan by classification reporting query
- OAIPMH for GetRecord