Ellucian Banner Student Self-Service Change Request Resolutions SYSTEM: Banner Student Self-Service PATCH NAME: pcr-000134095_bws8070207 PATCH DEPENDENCY: Banner Student Self-Service 8.7.2.6, accounts receivable 8.5.4 and Banner Student 8.14.1 NOTES: 1. This patch can be installed manually and is also available for installation using the Ellucian Solution Manager (ESM). The minimum version of ESM required for patches is 1.11. See the "Banner Upgrades Support Status" document available within Documentation Libraries on the Ellucian Support Center, for a complete list of Banner releases that ESM supports for installation. 2. Be sure all Oracle users are logged off and cannot or will not log on. If you do this by starting the database in Restricted mode, then all user IDs used in the installation will need the Restricted Session system privilege for the duration of this installation. (For more information refer to the Oracle Server Administrator's Guide.) The user IDs in the bwsgivedba.sql script will be given the DBA role as a default role, so a direct grant of Restricted Session is not necessary. It is advised to shutdown GURJOBS and restart it after the installation is complete. COMPLETE BACKUPS OF YOUR EXISTING SYSTEM BEFORE CONTINUING! ====================================================================== Change Request (Defect) #: CR-000134095 MODULE: Registration DEPENDENCIES: 8.7.2.7 of bwckgen1.sql can replace version 8.7.2.6 PROGRAM: bwckgen1.sql PROBLEM (CR-000134095): There is a potential for a cross site scripting vulnerability on the Banner Self-Service course search web page RESOLUTION (CR-000134095): Placed XSS validation routine for sanitizing the "title" parameter. In case the XSS scripts are passed for "title" parameter, system will not proceed with its regular functionality and will display appropriate error page. Link: https://ellucian.force.com/clients/a0x160000040lnYAAQ ====================================================================== Change Request (Enhancement) #: CR-000158613 DEPENDENCIES: 8.7.2.7 of bwtktxn1.sql can replace version 8.5.4. PROGRAM: bwtktxn1.sql PROBLEM (CR-000158613): 1098T Regulatory updates for year end 2018. US regulatory updates. IMPACT (CR-000158613): 1098T Regulatory updates for year end 2018. US regulatory updates RESOLUTION (CR-000158613): -- 1098T Regulatory updates for year end 2018. US regulatory updates. -- Fulfill IRS requirement to report Box 1, Payments Received, starting with Tax Year 2018. -- Fulfill IRS requirement to report Box 4, Adjustments to Payments Received reporting. -- Fulfill IRS requirement to record a change in Reporting method -- in case tax-year>=2-18, ttbtaxn_amount_1 to be printed for Box 1 and ttbtaxn_amount_6 for Box 4 -- In supplemental detail section, if Tax-year>=2018, we have new columns added -- If tax-year>=2018, to check for 'PR' if page enabled for Tax Year Link: https://ellucian.force.com/clients/a0x1M000005l1XFQAY ====================================================================== INSTALLATION INSTRUCTIONS: 1. To download and unpack the Change Request patch '.trz', go to the Ellucian Client Support web site: http://www.ellucian.com/Solutions/Ellucian-Client-Support and click on the Ellucian Hub button to sign into the Ellucian Hub. Choose the Ellucian Download Center. At the top, click on 'Downloads' and then 'Search Downloads'. Search for the name of the patch (pcr-000134095_bws8070207). Be sure to click 'Files' option for 'Show results for'. Check the box next to the name of the .trz file and click the 'Download Selected Files' button. Unzip the file on your PC, then ftp the .trz file to your server. 2. Position yourself in the subdirectory created when the posting was unloaded. 3. To verify the patch dependencies before proceeding with the install, invoke SQL*Plus and run the script: sqlplus /nolog @bwsruready [Enter] Note: You will be prompted for the SYSTEM password. Review: bwsruready.lst bwsgivrole.lst 4. To apply database procedures, invoke SQL*Plus and run the procedure: sqlplus /nolog @bwsdbpr2 [Enter] Note: You will be prompted for the BANINST1 password. Review: bwsdbpr2.lst 5. To compile all functions, views, packages, procedures and triggers which are in an invalid state. Invoke SQL*Plus and run the procedure: sqlplus /nolog @gurutlrp [Enter] Note: You will be prompted for the SYS password. Review: gurutlrp.lst UNIX PLATFORMS 6. Review bwsmigr.shl for correct directory path names and make sure the environment variable $BANNER_HOME is set to the appropriate directory. Then migrate and link the new objects to your permanent directories and produce an error log for the migration by typing: sh bwsmigr.shl >bwsmigr.log 2>&1 & [Enter] Review: bwsmigr.log 7. To record this patch in the General gurpost table, invoke SQL*Plus and run the procedure: sqlplus general/password [Enter] start bwsinspost [Enter] Review: bwsinspost.lst 8. To restore the necessary users to the roles/privileges they had prior to applying this patch, invoke SQL*Plus and start the procedure: sqlplus /nolog @bwsresrole [Enter] Note: You will be prompted for the SYSTEM password. Review: bwsresrole.lst MICROSOFT WINDOWS PLATFORMS 6. The file bwsmigr.pl will do the appropriate deletes and copies. Before running the migration script you must check the BANENV environment variable. This value may be determined by executing the SET command from the DOS prompt. If BANENV has a value of REG, the value used for BANNER_HOME will be taken from the registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\BANNER\BANNER_HOME If BANENV has a value of ENV, the value for BANNER_HOME will be taken from the environment variable BANNER_HOME. Review the script for correct directory path names. To run the migration script and produce an error log for the migration type the following: perl bwsmigr.pl >bwsmigr.log 2>&1 [Enter] Review: bwsmigr.log 7. To record this patch in the General gurpost table, invoke SQL*Plus and run the procedure: sqlplus general/password [Enter] start bwsinspost [Enter] Review: bwsinspost.lst 8. To restore the necessary users to the roles/privileges they had prior to applying this patch, invoke SQL*Plus and start the procedure: sqlplus /nolog @bwsresrole [Enter] Note: You will be prompted for the SYSTEM password. Review: bwsresrole.lst ************************************************************************ Without limitation: Ellucian(R), Banner(R), Colleague(R), and Luminis(R) are trademarks of the Ellucian group of companies that are registered in the U.S. and certain other countries; and Ellucian Advance(TM), Ellucian Course Signals(TM), Ellucian Degree Works(TM), Ellucian PowerCampus(TM), Ellucian Recruiter(TM), Ellucian SmartCall(TM), are also trademarks of the Ellucian group of companies. Other names may be trademarks of their respective owners. (C)2018 Ellucian. Contains confidential and proprietary information of Ellucian and its subsidiaries. Use of these materials is limited to Ellucian licensees, and is subject to the terms and conditions of one or more written license agreements between Ellucian and the licensee in question. In preparing and providing this publication, Ellucian is not rendering legal, accounting, or other similar professional services. Ellucian makes no claims that an institution's use of this publication or the software for which it is provided will guarantee compliance with applicable federal or state laws, rules, or regulations. Each organization should seek legal, accounting, and other similar professional services from competent providers of the organization's own choosing. Ellucian 2003 Edmund Halley Drive Reston, VA 20191 United States of America