← Previous day | Today | Next day → | Search | Index
All times shown according to UTC.
Time | Nick | Message |
---|---|---|
00:49 | AndrewFH joined #koha | |
00:49 | PerplexedTheta joined #koha | |
01:49 | JBoyer joined #koha | |
02:59 | schnydszch joined #koha | |
03:03 | schnydszch | good day! I have some questions regarding some security vulnerability regarding Koha, here are enumerated vulnerabilities from one of the reviews of one Koha server I managed: Cross-Site Scripting (XSS) Filter not Disabled, Content Sniffing not Disabled, Software Version Revealed via HTTP Response Headers, Missing object-src in CSP Declaration. Though risk classification is low for all of these except for "Missing object-src in CSP Declaration". I |
03:03 | want to get some insights on this. Keep safe and best regards! | |
03:11 | mtj | hi schnydszch, what version of koha - and what tool are you using to detect security vulnerabilites? |
03:14 | schnydszch | Hi mtj! Koha 21.05. Let me check the document for the penetration test report |
03:16 | I can't see what was the tool used in the document only technical references. | |
03:17 | well for CSP, here is the evaluator used: https://csp-evaluator.withgoogle.com/ | |
03:18 | here is the technical reference: https://owasp.org/www-project-secure-headers/ | |
03:40 | mtj | many thanks ^ :) |
03:58 | tuxayo | schnydszch: hi :) for the most serious ones if you have the time to confirm the relevance of the reported vulnerabilities I invite you to open a security ticket on the bug tracker https://bugs.koha-community.or[…]t=Koha%20security |
04:00 | It seems to be about hardening the default webserver configuration. It's important that your webserver configuration is the one bundled with Koha package. Otherwise it's not relevant. | |
04:31 | enkidu joined #koha | |
04:37 | huginn | News from kohagit: Bug 30209: Upgrade 'libdbd-sqlite2-perl' package to 'libdbd-sqlite3-perl' <https://git.koha-community.org[…]05878ab689bf86697> |
04:41 | dcook joined #koha | |
04:53 | tuxayo | schnydszch: If you have a reverse proxy that somehow strips headers (my example might make no sense) then it wouldn't be a good instance to make an analysis. Well it would, for your webserver config. But not for the one shipped with Koha |
05:11 | koha-jenkins | Project Koha_Master_D11_CPAN build #551: STILL UNSTABLE in 33 min: https://jenkins.koha-community[…]ter_D11_CPAN/551/ |
05:16 | alohabot | 🎁 🦄 Koha 'master' packages pushed to 'koha-staging' repo 🍊🍊🍙 |
05:21 | koha-jenkins | Project Koha_Master_D11_My8 build #765: STILL UNSTABLE in 43 min: https://jenkins.koha-community[…]ster_D11_My8/765/ |
05:25 | schnydszch | @tuxayo Koha webserver configuration is the one bundled with Koha, though https was automatically created via letsencrypt script "certbot..." |
05:25 | huginn | schnydszch: downloading the Perl source |
05:30 | koha-jenkins | Project Koha_Master_D11_MDB_Latest build #818: STILL UNSTABLE in 53 min: https://jenkins.koha-community[…]1_MDB_Latest/818/ |
05:38 | Project Koha_Master_U21 build #111: STILL UNSTABLE in 1 hr 0 min: https://jenkins.koha-community[…]a_Master_U21/111/ | |
05:39 | Project Koha_Master_U_Stable build #399: STILL UNSTABLE in 1 hr 1 min: https://jenkins.koha-community[…]ter_U_Stable/399/ | |
05:48 | Project Koha_Master_D9 build #1894: STILL UNSTABLE in 36 min: https://jenkins.koha-community[…]a_Master_D9/1894/ | |
05:51 | Project Koha_Master build #1940: ABORTED in 12 min: https://jenkins.koha-community[…]Koha_Master/1940/ | |
05:51 | Project Koha_Master_D12 build #95: ABORTED in 12 min: https://jenkins.koha-community[…]ha_Master_D12/95/ | |
05:51 | Project Koha_Master_U20 build #324: ABORTED in 30 min: https://jenkins.koha-community[…]a_Master_U20/324/ | |
06:22 | Yippee, build fixed! | |
06:22 | Project Koha_Master_D10 build #551: FIXED in 34 min: https://jenkins.koha-community[…]a_Master_D10/551/ | |
06:36 | Project Koha_Master_U_Stable build #400: STILL UNSTABLE in 45 min: https://jenkins.koha-community[…]ter_U_Stable/400/ | |
06:54 | Project Koha_Master_D12 build #96: SUCCESS in 1 hr 3 min: https://jenkins.koha-community[…]ha_Master_D12/96/ | |
06:56 | Yippee, build fixed! | |
06:56 | Project Koha_Master_U21 build #112: FIXED in 33 min: https://jenkins.koha-community[…]a_Master_U21/112/ | |
07:09 | Yippee, build fixed! | |
07:09 | Project Koha_Master_D9 build #1895: FIXED in 1 hr 18 min: https://jenkins.koha-community[…]a_Master_D9/1895/ | |
07:14 | magnuse joined #koha | |
07:18 | koha-jenkins | Yippee, build fixed! |
07:18 | Project Koha_Master build #1941: FIXED in 1 hr 27 min: https://jenkins.koha-community[…]Koha_Master/1941/ | |
07:19 | Yippee, build fixed! | |
07:19 | Project Koha_Master_D11_CPAN build #552: FIXED in 42 min: https://jenkins.koha-community[…]ter_D11_CPAN/552/ | |
07:30 | Yippee, build fixed! | |
07:30 | Project Koha_Master_U20 build #325: FIXED in 34 min: https://jenkins.koha-community[…]a_Master_U20/325/ | |
07:31 | JBoyer joined #koha | |
07:38 | alex_a joined #koha | |
07:38 | sodesvaux joined #koha | |
07:42 | reiveune joined #koha | |
07:42 | reiveune | hello |
08:00 | lds joined #koha | |
08:02 | cait joined #koha | |
08:03 | koha-jenkins | Project Koha_Master_D11_MDB_Latest build #819: STILL UNSTABLE in 54 min: https://jenkins.koha-community[…]1_MDB_Latest/819/ |
08:03 | cait | good morning #koha |
08:05 | koha-jenkins | Yippee, build fixed! |
08:05 | Project Koha_Master_D11_My8 build #766: FIXED in 34 min: https://jenkins.koha-community[…]ster_D11_My8/766/ | |
08:06 | Project Koha_Master_U_Stable build #401: STILL UNSTABLE in 46 min: https://jenkins.koha-community[…]ter_U_Stable/401/ | |
08:09 | cait1 joined #koha | |
08:16 | paul_p joined #koha | |
08:30 | alex_a joined #koha | |
09:09 | lmstrand joined #koha | |
09:10 | lmstrand | Hi all! I have a question about facets that show on the left side of search results. |
09:11 | We'd like to add languages to the facets. We're using Elasticsearch. Any idea where to look? | |
09:15 | it seems it has disappeared after we switched from Zebra to Elasticsearch? | |
09:22 | udkoha joined #koha | |
09:27 | cait1 | if you had it with Zebra it was a customization |
09:28 | I think | |
09:28 | have you checked bugzilla for facet und language? | |
09:46 | lmstrand | I'll go check. |
10:07 | udkoha joined #koha | |
10:08 | koha-jenkins | Yippee, build fixed! |
10:08 | Project Koha_Master_D11_MDB_Latest build #820: FIXED in 53 min: https://jenkins.koha-community[…]1_MDB_Latest/820/ | |
10:17 | Project Koha_Master_U_Stable build #402: STILL UNSTABLE in 1 hr 3 min: https://jenkins.koha-community[…]ter_U_Stable/402/ | |
11:43 | cait joined #koha | |
11:58 | AndrewFH joined #koha | |
12:43 | davewood | i wrote a koha javascript plugin that lets you switch between the html-tabs on addbiblio.pl using hotkeys Ctrl+Meta+<num> or Ctrl+Meta+ArrowKeys ... and also switch between edit/view (addbiblio.pl/detail.pl) using Ctrl+Meta+a/Ctrl+Meta+b |
12:43 | currently a private github repo but if needed I could make that repo public. | |
12:44 | one of our customers (steirische landesbibliothek) requested these features. | |
12:45 | http://paste.scsys.co.uk/596622 | |
12:54 | nlegrand joined #koha | |
12:54 | nlegrand | Hey friends! Hope everyone is well :) |
12:56 | Is there something to do if I want to test something with koha-testing-docker on a stable version? I've checked out 20.11.x but it turned out to be fishy, I have an exit error on the koha machine. | |
12:56 | master works great | |
12:59 | Joubu | nlegrand: in ktd repo you should checkout the 20.11 branch |
13:01 | nlegrand | Joubu: ho. Seems rational :) thank you! |
13:05 | *greatly | |
13:11 | I'm still having the same issue (Can't locate YAML/Syck.pm), I've tried ku-es6 and docker-compose -p koha down. Am I missing something obvious? | |
13:37 | Dyrcona joined #koha | |
13:41 | nlegrand | Bug 6815 is very nice if someone from the QA team wants to look at something pleasant :) |
13:41 | huginn | Bug https://bugs.koha-community.or[…]w_bug.cgi?id=6815 enhancement, P5 - low, ---, oleonard, Signed Off , Capture member photo via webcam |
13:42 | nlegrand | On the plus side, it's a 4 digits bug. I'm sure there is more karma for 4 digits bugs. |
14:00 | AndrewFH | nelegrand there are a few perl modules dropped from master that older versions still require. ktd won't install them by default. I suspect that's your issue |
14:00 | when I launch ktd in master and then go back to 21.05, I need to libyaml-syck-perl, libcgi-session-serialize-yaml-perl, libmojo-jwt-perl | |
14:01 | nlegrand | thanks AndrewFH. Even if you check out 21.05 in ktd? |
14:02 | AndrewFH | correct. my understanding is ktd only automatically installs the modules needed for whatever koha version you've set as your default at launch (which will be master unless you've done some special setup) |
14:03 | but once you've installed those modules once you don't need to do it again until you completely kill and relaunch ktd | |
14:03 | fribeiro joined #koha | |
14:04 | fribeiro | Hey guys |
14:05 | I'm using Koha 21.05.07 and I get this error at some result pages | |
14:05 | utf8 "\xC3" does not map to Unicode at /usr/lib/x86_64-linux-gnu/perl/5.24/Encode.pm line 202. | |
14:05 | Have anyone ever experienced this? | |
14:07 | The error occurs at https://github.com/Koha-Commun[…]ch/Search.pm#L382 | |
14:09 | nlegrand | fribeiro: maybe a latin-1 char? |
14:10 | https://en.wikipedia.org/wiki/%C3%83 | |
14:19 | fribeiro | The original text does not have that character. It seems that its the decode_base64 function that somehow its generating that |
14:33 | lukeg joined #koha | |
14:56 | AndrewFH joined #koha | |
16:25 | reiveune | bye |
16:25 | reiveune left #koha | |
16:47 | cait joined #koha | |
17:15 | lukeg joined #koha | |
17:27 | cait joined #koha | |
17:50 | AndrewFH joined #koha | |
18:08 | lukeg joined #koha | |
18:22 | AndrewFH joined #koha | |
19:07 | tuxayo | lol Bug 5158 |
19:07 | huginn | Bug https://bugs.koha-community.or[…]w_bug.cgi?id=5158 enhancement, P5 - low, ---, camins, ASSIGNED , Koha needs its own cookie, ice cream, and fudge flavors |
19:50 | gooble_gobble joined #koha | |
20:16 | paul_p joined #koha | |
20:25 | udkoha joined #koha | |
20:29 | lukeg joined #koha | |
21:02 | udkoha_ joined #koha | |
22:40 | AndrewFH joined #koha | |
22:47 | AndrewFH joined #koha | |
23:30 | AndrewFH joined #koha | |
23:38 | AndrewFH joined #koha |
← Previous day | Today | Next day → | Search | Index