ILLiad 9.0 Release Notes

Print Friendly and PDF Follow

Release Date 26 November 2018.

Support for ILLiad 8.6 ends 28 February 2019 

Support for ILLiad 8.7 ends 31 December 2019

Important Update Information

ILLiad 9.0 now uses the .NET 4.6.2 (or higher) framework for both the ILLiad server and the ILLiad clientYour ILLiad server and all desktops that run the ILLiad client will need to update to .NET 4.6.2 framework or higher. Your server and client machines may need to be restarted after installation to apply the changes. This also resolves issues that some institutions have experienced when connecting to web servers that have explicitly disabled TLS 1.0. Note: ILLiad supports the recommended protocol TLS 1.2 for .NET 4.6.2.

Windows Server 2008 R2 SP1 and Windows 7 (client) is the minimum supported for ILLiad 9.

All patron users with ILLiad auth types of ILLiad, ILLiadExclusive, or PatronAPI will be required to reset their password upon the first login after ILLiad 9 update. This does not affect RemoteAuth or LDAP users.

All staff will need to change their ILLiad client password upon login after the update.

Considerations Before You Update

Updating During Normal Working Hours

Please consider running updates and installations during standard support hours 8 am - 5 pm eastern time (business days Monday - Friday)   so that help is readily available if any issues are encountered. 

Checking the WebAuthtype Key

Sites who have set the RemoteAuthSupport customization key to Yes will need to set the WebAuthType key to RemoteAuth in the Customization Manager prior to the ILLiad 9.0 update.

  • If the WebAuthType key is not set to RemoteAuth, the user will be prompted to change their password after the update even if the RemoteAuthSupport key is set to Yes. This is because the new password enhancements use the WebAuthType to determine which sites require the password changes.
  • During the update, if the UpgradeAdvisor detects the RemoteAuthSupport customization key is set to Yes and WebAuthType is not set to RemoteAuth then a warning will appear.

Checking the SharedServerSupport Key

Sites who have a Shared Server will need to set the SharedServerSupport key to Yes for all NVTGCS (including ILL).

  • When the SharedServerSupport key is set to Yes, then a SQL views script is automatically run during the update. If the key is set to No, then the script doesn't automatically run and it could prevent patrons from accessing their ILLiad accounts after the update.

Un-Checking the ILLiad Authentication Box on the Users Form

If you are using RemoteAuth or LDAP, please ensure that patrons using your Default AuthType have the ILLiad Authentication box Unchecked in their User form. Please see Checking the Patron AuthType for more information. If you find that you have a lot of user records where the AuthType is set to ILLiad instead of to Default, if you contact Support at, they can have the user records changed via a SQL Query.

Sites that have more than one PC

After ILLiad has updated, any user who has successfully logged in and changed their password in either the ILLiad 9.0 Client or ILLiad 9.0 Staff Manager will not be able to log into another workstation whose Client still operates under version 8.7.2. This is because the username has been updated with the new hashing methods which are not recognized in previous versions. Instead, download the ILLiad 9.0 Client Installer and run as an administrator on that machine. Once the Client has updated to version 9.0, then any staff member will be able to successfully log in on that workstation.

Adding the FORMSTATE Tag

Add the FORMSTATE tag to the ChangePassword.html pages. For more information, please read the FORMSTATE Tag article.

ILLiad Highlights

The following new features and enhancements have been added to ILLiad version 9.0.

FIPS Compliance | OCLC Requests | Appearance | Password Security | Miscellaneous

FIPS Compliance

FIPS (Federal Information Processing Standards) can now be enabled for ILLiad.

  • 140-2 compliant encryption algorithms
  • Activated via the Windows group policy
  • FIPS compliance will be supported with ILLiad after the hashing customization keys are set in the Customization Manager with a numerical value (see StaffPasswordHashingIterations and WebPasswordHashingIterations customization keys for more information). 

If you need to utilize FIPS on your system after the update, you must update ALL passwords for staff members prior to activating it, or FIPS checking will prevent the system from running for the respective Staff user. 

FIPS also affects the staff's ability to change user passwords for patrons who have not updated their passwords after enabling FIPS compliance.

OCLC Requests

Connection Manager will automatically retry once after 15 seconds for most errors encountered when retrieving requests.


Updated client and staff interface look and feel with multiple different skins to choose from. For more information, please see Theme Selector.  

To view the pictures on a larger scale, click the image to expand.

Password Security

ILLiad Basic Authentication, Staff, and Lending Web security updates for passwords.

  • Hashing Methods
  • Password Expiration
  • Password Complexity
  • Increased password field character sizes
  • Expired password notifications for patrons
  • And many more...


Lots of bug fixes and underlying component updates! 

ILLiad 9.0 Features & Fixes 

For any questions on the ILLiad 9.0 features & fixes, please see the ILLiad 9.0 FAQ. For all other questions, please contact support.

Addons | Admin Tools | Authentication Database | Docline | Email | ILLiad Client | Notifications | OCLC Web Pages | Web Platform


New The Chromium Browser is now available for ILLiad 9.0 and higher. Please see Chromium Browser and Chromium WebBrowser for more information.

Admin Tools

New Added StaffPasswordHashingIterations, a hashing customization key to set the number of hash iterations when storing a staff password. The iterations store the hashed passwords as an algorithm for increased security. Default hash iterations 156,000. If you wish to change the default iterations, it is highly recommended to contact support for the number of iterations that work best for the speed of your computer and the hash algorithm. Generally, hash iterations should not be set to less than 100,000.
New Added capability to enable staff password expiration and set default dates for expiration through "StaffPasswordExpirationEnabled" and StaffPasswordExpirationDays" customization keys.
New Added the ability to enforce staff password complexity requirements through the 'StaffPasswordComplexity' customization key under System/General. Staff administrators have the option to override password requirements when creating new staff accounts with initial password.
New Added WebPasswordHashingIterations, a hashing customization key to set the number of hash iterations when storing a user password. The iterations store the hashed passwords as an algorithm for increased security.
New Added Web Interface notifications for invalid user passwords through the customization keys "SLUserPasswordExpired" and "SLPasswordDoesNotMeetHistoryRequirement".
New Added capability to enable user password expiration and set default dates for expiration through "UserPasswordExpirationEnabled" and "UserPasswordExpirationDays" customization keys. For more information on user expirations, please see User Expiration Date.
New Added the ability to not set an expiration date for new users.
New Added capability to enable LWeb password expiration and set default dates for expiration through  "LWebPasswordExpirationEnabled" and "LWebPasswordExpirationDays" customization keys.
New Added a "Required" field to the WebValidation table. If the box is checked as required, those fields will require a value equal to the expression noted in the validation field unless the validation is .+. For example, if Fieldname Password1 is required and the validation is set to ^.{10,}$ then the password value is required to have 10 characters.
Changed UserNotification records will be deleted for deleted users.
Changed Added the title "Alert" to any alert popups that do not currently have a title. This will help users easily identify what type of popup message they are receiving.

The default customization key value for SLShowRequest has been updated to say 'Enter the information below and press the Submit Request button to send."



When using SymphonyAPI authentication, users can successfully authenticate into the SIRSI Symphony catalog system through ILLiad. See Symphony API for more information.


New Added "PasswordChangedDate" column to Staff table in accommodation of the staff password expiration keys. When a staff member updates their password, the PasswordChangedDate field will reflect the date and time of the update.
New Added "PasswordChangedDate" column to Users table in accommodation of the user password expiration keys. When a user updates their password, the PasswordChangedDate field will reflect the date and time of the update.
New Added "WebPasswordChangedDate" column to LenderAddresses table in accommodation of the LWeb password expiration keys. When the LWeb password is updated, the PasswordChangedDate field will reflect the date and time of the update.
New A force reset checkbox has been added next to the login in both the Staff Manager and the Client.

Added new work form mappings:

Seed Data:

    • Blank Article: CopyrightCompliance, DOI, PMID
    • OCLC Article: CopyrightCompliance


    • Blank Article: CopyrightCompliance
    • OCLC Article: CopyrightCompliance
Changed Increased the length of the Symbol field in the EMST and ElecDelAddresses to 40 characters.
Changed Increased the ESPBillTo and ESPShipTo fields in the LenderAddresses table to be 500 characters from 255.
Changed Increased the WebPassword field length in the LenderAddress table to 255 characters to accommodate the new password hashing customization keys.
Changed ReasonForCancellation field length in the Transactions table is now 150 characters.
Changed Merged SLUsernameNotInDatabase and SLPasswordIncorrect into SLLoginFailed
Changed RequestType check constraint removed from the database.
Changed When ConnectionManager retrieves OCLC requests for importing or updating, a subsequent retry attempt will be made if an error occurs to allow for situations where there is a temporary network outage or the OCLC record is locked.


Fixed Lender selection now opens selected Lender for Docline.



The<#Special.UserDisavowalReason> field is now available to be used as a tag in Email templates. This allows sites to add a custom prefix to the reset link. For example, the RelativePasswordResetLInk will be illiad.dll?Action=10&Form=85&Value=XYZ1234 for the PasswordResetLink

ILLiad Client

Changed Undo Shipped is not allowed when there are IFM billing charges associated with the request.
Changed Removed link to community portal.
Changed MarkFound process validation errors will now display to the end user.
Changed On the Update Stacks Search Results page, if the OCLC status comes back as anything other than CONSIDERING or CONDITIONS_ACCEPTED, the field will be highlighted yellow and a warning indicator placed for emphasis.
Changed Added Customization Key 'CopyZ3950BibInfo' to control the default behavior of the 'Copy Info' button on Z39.50 searches which is now split button. The default will include bibliographic information (Title and Author), while drop down option will only import call number and location.
Changed On the Check-In from Lending Library form, if a transaction has no lender string, a search box appears (in place of the radio buttons to select the lender) allowing staff to search for the lender. The search button becomes enabled after something is typed in the text search field.
Fixed Client form refresh now refreshes all tabs, not just the selected one.
Fixed Cloning a request in the staff client now correctly copies the RequestType.
Fixed Fixed a problem where changing the layout of tabbed groups caused an error when they were un-grouped.
Fixed Fixed a problem where invalid characters in OCLC request cause an error.
Fixed Fixed issue preventing routing rules from being applied when creating new LOCL requests.
Fixed Removed unsupported search types from OCLC Statuses page
Fixed Fixed MRU Unicode issues that would occur when attempting to edit dropdown values in the client that had Unicode values. Mostly noted when modifying Z39.50 search queries.


Changed Modified processing of SMS notification timers.
 Fixed Fixed borrowing overdue letter templates with salutation Dear User_LastName User_LastName to say Dear User_FirstName User_LastName
 Fixed Carriage returns are now stripped out of tag data.


Fixed Update Received will import Lending info.
Fixed OCLC Received updates removed from the ESPUpdate table if the item status is already set to 'Received' or is 'Not Found'

Web Pages


Updated default web pages by wrapping navigation in a <nav> tag for accessibility.

Changed Allow for renewals/cloning of OTH requests in Lending Web pages.
Changed Added alert roles to error status lines for accessibility.
Changed DLL will now support multiple cookies.
Changed Updated the ChangePassword.html, NewPassword.html, NewUserRegistration.html, LendingChangePassword.html, LendingNewPassword.html, and LendingNewUserRegistration.html default web pages by removing the <#PARAM> tags for any password fields so that data no longer persists when values are incorrect.
 Fixed Fixed an issue where the DLL would not handle invalid OpenURLFieldValues with invalid tag syntax. ie. "<#rft.btitle" (missing closing bracket)
 Fixed Fixed the closing brace in the include_head.html page to the proper tag syntax. The <![endif]--0 has been changed to ![endif]-->
 Fixed Fixed issue of SCountry not working properly on the ChangeUserInformation and NewAuthRegistration pages.
 Fixed Fixed Unicode issues where Unicode characters and diacritics were not handled properly in Lending Web DLL.
 Fixed Fixed web display status issues for delivery locations.
 Fixed Fixed an issue where some Unicode characters are not properly encoded on OpenURL submissions if the user must log in first.
 Fixed Updated the default ReviewRequestHistory.html page by replacing 'History Requests' with 'Request History'.

Web Platform

 New Added AllowInsecureWebPlatformRequests customization key to determine if the Web Platform requests require the use of SSL. Note: for Shared Servers, this key can't be set individually per site.
New  Added the ability to create users via the Web Platform API. See Web Platform API for more information.
Changed  Added the .NET framework httpRuntime element to WebCirc which will determine various runtime parameters. For example, the session will expire after x minutes of inactivity.
Fixed Updated to .NET 4.6.2, which also resolves issues that some institutions have experienced when connecting to web servers that have explicitly disabled TLS 1.0. Note: ILLiad supports the recommended protocol TLS 1.2 for .NET 4.6.2.

ILLiad 9.0 Point Release Notes 

10 Dec 2018 (9.0.1) DLL Release

Fixed Fixed a web validation issue with the debug DLL logs. 

 02 February 2019 (9.0.3) System Manager Release 

Fixed Fixed an issue that caused a problem with server addons not working properly after the 9.0.2 Shared Component Release.

02 March 2019 (9.0.3) Client Release

In support of the ILLiad and DOCLINE 6.1 integration, there have been many changes to the client including the following:

  • New Home button available for navigation to main DOCLINE page
  • Import from clipboard button is no longer available
  • New lending buttons have been added (e.g., Import ALL Requests)
  • The Manual Request & Fill (with Fill & Send) are now separate buttons
  • Changes to the FieldTranslation.xml file
Six new articles have been added to the Atlas Support documents to discuss the changes on the following topics:

For more information on the update, please see the ILLiad and DOCLINE 6.1 FAQ and video tutorials.

Click Here to View the FAQ

Click Here to View the Video Tutorials


All knowledgebase links have been redirected to new support landing page


Modified ILLiad to support Docline 6.1 integration.


Loansome Doc has been removed from the client as a result of NLM retiring Loansome Doc on 7/1/2019.


Upon startup, the client will now query for any updates prior to prompting for sign-in credentials. This will prevent the user from not being able to log into another workstation whose client still operates under the previous version.


Fixed issue for changing passwords on shared server lender addresses.


Fixed FormSystemInformationEmail so it does not expand beyond the window parameters.


Fixed VersionClient customization key to match the updated version after a server update.

11 April 2019 (9.0.1) Server Release

The server update is for sites who wish to change the value of their Odyssey address. For example, if you replace the default IP address value (e.g., 216.x for the OdysseySystemID key with your DNS value (e.g., The update will allow you to put the old OdysseySystemID value (e.g., 216.x in the OdysseySystemIDAlt to ensure you receive any borrowing requests sent prior to the value change.

This update will only allow you to utilize the OdysseySystemIDAlt key. If you are experiencing any server or networking issues, please contact support. The OdysseySystemIDAlt key will have to be added manually since it's not added by default. The OdysseSystemIDAlt key can be located in the Customization Manager under Odyssey | Defaults.

To update to 9.0.1, please use the ILLiad Server Automatic Updater.


Added support for the OdysseySystemIDAlt customization key.

08 May 2019 (9.0.2) DLL Release 

To utilize this new feature, there are three customization keys added in the release that must be configured:
  • SymphonyAPICheckProfile
  • SymphonyAPIAcceptedProfileTypes
  • SLSymphonyAPIInvalidPatronProfile
New Added support for Symphony authentication policy groups. For details see SymphonyAPI: Authentication Process.

26 Sept 2019 (9.0.4) System Manager Release 

New Added a check for situations where addons may consume all available SQL connections. If this situation were to occur then the System Manager would shut down to free up those connections. In addition, Atlas service monitors would receive a notification to check the service shutdown and restart the System Manager. Before shutting the System Manager down, the check for available SQL connections will retry to connect 5 times at 30-second intervals. The default ConnectionTestTimerInterval (default 30-seconds) and ConnectionTestRetryAttemps (default 5) can be modified in the ILLiadSystemManager.exe.config file. 

2 September 2020 (9.0.4) Client Release

The ILLiad Client can now automatically update the Docline scripts as new versions become available. The scripts will be installed in the new default location: 
C:\ProgramData\ILLiad\Docline\. To enable this functionality, add the 
DoclineAutoUpdateEnabled key. To automatically update the 
FieldTranslation.xml and LendingFieldTranslation.xml pages when updating the Docline scripts, add the DoclineAutoUpdateFieldTranslations key. For configuration instructions, see Docline Automatic Update
The following fields from the database have been made as optional fields to add to the Request Details form:  
For details on adding these fields to the Client, see The Borrowing Request Form.


03 January 2022 (9.0.3) Web DLL Release

A new version of the ILLiad Web DLL (v9.0.3) will be available on Monday, January 3rd, to implement an important security fix.

Update Procedure

To install the latest DLL version, please run the ILLiad Server Updater located at C:\ILLiad\Admin\ILLiadUpdate.

Web DLL Changes (v9.0.3)

Fixed Fixed a potential security vulnerability found during a web application scan.


01 March 2022 Server, Client (9.0.5) and SQL Alias Manager (1.3.2) Release

Several ILLiad 9.0 server components and client applications have been updated to address a potential security vulnerability found in their external log4net component. The SQL Alias Manager has also been updated with new functionality in addition to the log4net update. 

Please schedule a server update with your ILLiad hosting provider or IT department and coordinate with your IT department to update the ILLiad client applications as soon as possible after the server update is completed to ensure that all components are secure.

Note: The ILLiad Server must be updated to the latest version before beginning the ILLiad Client update process to ensure that the Billing Manager and Database Manager work properly after the update.

If you have updated the ILLiad client applications before your server update, you can resolve the issue by manually updating the values of the VersionBillingManager and VersionDatabaseManager customization keys in the ILLiad Customization Manager to However, please note that changing the value of these keys will require all ILLiad users on your server to perform the client application update on their machines.

Update Procedure (These steps must be performed in this order)

  1. To install the latest ILLiad 9.0 server components, please run the ILLiad Server Updater located at C:\ILLiad\Admin\ILLiadUpdate if self-hosted, or request an update from your hosting provider. Atlas-hosted sites will be contacted by Atlas Support via email regarding their server update.
  2. Follow the Client Automatic Updater prompts within the ILLiad Client, or download and run the 9.0.5 Client Installer from the ILLiad Downloads page to install the new client applications and SQL Alias Manager. 
  3. Download and run the 9.0.1 Database Manager Installer from the ILLiad Downloads page.

Server Component Updates

The ILLiad Server update includes the following new component versions:

  • Database Manager v9.0.1
  • Rapid Manager v9.0.1.0
  • System Manager v9.0.5.0
  • Web Circulation v9.0.1.0
  • Web DLL v9.0.4.0
  • Web Platform v9.0.2.0
  • Web Reports v9.0.1.0
Fixed Updated the log4net component used in each ILLiad component to the latest secure version (v2.0.14). 

Client Application Updates

Performing the ILLiad Client update process will install the following new application versions:

  • Billing Manager v9.0.1
  • Electronic Delivery Utility v9.0.1
  • ILLiad Client v9.0.5.0
  • ILLiad Customization Manager v9.0.4.0
  • ILLiad Staff Manager v9.0.4.0
  • SQL Alias Manager v1.3.2
Note: The updated version of the SQL Alias Manager contains a new Set Default (Current User) option that allows different Windows accounts on the same machine to use different DBC files. However, this functionality is not yet supported in ILLiad, meaning that the DBC file should be configured and set at the machine level using the Set Default (Local Machine) option, and the Set Default (Current User) option should not be used. See Atlas SQL Alias Manager for more information.
Fixed Updated the log4net component used in each application to the latest secure version (v2.0.14). 


If this article didn’t resolve your issue, please contact Atlas Support for assistance:

Contact Support